Bug 2268019 (CVE-2024-24783) - CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
Summary: CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unk...
Keywords:
Status: NEW
Alias: CVE-2024-24783
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2349085 2268246 2268247 2268248 2276443 2276444 2276445 2276446 2276447 2276448 2276449 2276450 2276451 2276452 2276453 2276454 2276455 2276456 2276457 2276458 2276621 2292180 2292181
Blocks: 2268016
TreeView+ depends on / blocked
 
Reported: 2024-03-06 01:57 UTC by Robb Gatica
Modified: 2025-05-06 08:28 UTC (History)
108 users (show)

Fixed In Version: go 1.21.8, go 1.22.1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:3397 0 None None None 2024-05-28 12:59:56 UTC
Red Hat Product Errata RHBA-2024:4031 0 None None None 2024-06-20 14:52:06 UTC
Red Hat Product Errata RHBA-2024:4032 0 None None None 2024-06-20 14:52:23 UTC
Red Hat Product Errata RHBA-2024:4033 0 None None None 2024-06-20 15:39:55 UTC
Red Hat Product Errata RHBA-2024:5335 0 None None None 2024-08-13 17:32:46 UTC
Red Hat Product Errata RHSA-2024:0041 0 None None None 2024-06-27 11:24:02 UTC
Red Hat Product Errata RHSA-2024:0045 0 None None None 2024-06-27 13:01:17 UTC
Red Hat Product Errata RHSA-2024:1616 0 None None None 2024-07-01 00:29:04 UTC
Red Hat Product Errata RHSA-2024:2088 0 None None None 2024-04-29 02:27:07 UTC
Red Hat Product Errata RHSA-2024:2562 0 None None None 2024-04-30 14:39:50 UTC
Red Hat Product Errata RHSA-2024:2724 0 None None None 2024-05-07 10:38:43 UTC
Red Hat Product Errata RHSA-2024:3259 0 None None None 2024-05-22 11:39:59 UTC
Red Hat Product Errata RHSA-2024:3346 0 None None None 2024-05-23 18:06:36 UTC
Red Hat Product Errata RHSA-2024:3617 0 None None None 2024-07-01 00:52:57 UTC
Red Hat Product Errata RHSA-2024:3621 0 None None None 2024-06-05 05:15:44 UTC
Red Hat Product Errata RHSA-2024:3637 0 None None None 2024-07-01 00:40:13 UTC
Red Hat Product Errata RHSA-2024:3781 0 None None None 2024-06-10 18:37:16 UTC
Red Hat Product Errata RHSA-2024:3790 0 None None None 2024-06-11 02:33:36 UTC
Red Hat Product Errata RHSA-2024:3868 0 None None None 2024-06-17 00:44:21 UTC
Red Hat Product Errata RHSA-2024:4023 0 None None None 2024-06-20 12:37:31 UTC
Red Hat Product Errata RHSA-2024:4028 0 None None None 2024-06-20 13:20:23 UTC
Red Hat Product Errata RHSA-2024:4034 0 None None None 2024-06-20 16:14:54 UTC
Red Hat Product Errata RHSA-2024:4125 0 None None None 2024-06-26 13:53:31 UTC
Red Hat Product Errata RHSA-2024:4126 0 None None None 2024-06-26 14:31:59 UTC
Red Hat Product Errata RHSA-2024:4520 0 None None None 2024-07-11 17:32:45 UTC
Red Hat Product Errata RHSA-2024:4591 0 None None None 2024-07-17 13:15:14 UTC
Red Hat Product Errata RHSA-2024:4893 0 None None None 2024-07-29 00:17:04 UTC
Red Hat Product Errata RHSA-2024:5258 0 None None None 2024-08-13 00:38:22 UTC
Red Hat Product Errata RHSA-2024:6186 0 None None None 2024-09-03 19:52:15 UTC
Red Hat Product Errata RHSA-2024:6187 0 None None None 2024-09-03 08:11:05 UTC
Red Hat Product Errata RHSA-2024:6188 0 None None None 2024-09-03 18:52:09 UTC
Red Hat Product Errata RHSA-2024:6189 0 None None None 2024-09-03 09:05:46 UTC
Red Hat Product Errata RHSA-2024:6194 0 None None None 2024-09-03 19:55:01 UTC
Red Hat Product Errata RHSA-2024:6195 0 None None None 2024-09-03 09:18:15 UTC
Red Hat Product Errata RHSA-2024:6221 0 None None None 2024-09-03 11:45:17 UTC
Red Hat Product Errata RHSA-2024:6969 0 None None None 2024-09-24 03:21:34 UTC
Red Hat Product Errata RHSA-2024:9485 0 None None None 2024-11-13 13:15:46 UTC

Description Robb Gatica 2024-03-06 01:57:37 UTC 
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic.

This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

https://github.com/golang/go/issues/65390
Comment 4 Robb Gatica 2024-03-06 19:22:56 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2268247]
Affects: fedora-all [bug 2268246]
Comment 18 errata-xmlrpc 2024-04-29 02:27:00 UTC 
This issue has been addressed in the following products:

  Cryostat 2 on RHEL 8

Via RHSA-2024:2088 https://access.redhat.com/errata/RHSA-2024:2088
Comment 19 errata-xmlrpc 2024-04-30 14:39:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
Comment 22 errata-xmlrpc 2024-05-07 10:38:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2724 https://access.redhat.com/errata/RHSA-2024:2724
Comment 24 errata-xmlrpc 2024-05-22 11:39:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259
Comment 25 errata-xmlrpc 2024-05-23 18:06:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3346 https://access.redhat.com/errata/RHSA-2024:3346
Comment 26 errata-xmlrpc 2024-06-05 05:15:35 UTC 
This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 3.2

Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621
Comment 28 errata-xmlrpc 2024-06-10 18:37:07 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
Comment 29 errata-xmlrpc 2024-06-11 02:33:27 UTC 
This issue has been addressed in the following products:

  OADP-1.3-RHEL-9

Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790
Comment 32 errata-xmlrpc 2024-06-17 00:44:10 UTC 
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.6.0-RHEL-9

Via RHSA-2024:3868 https://access.redhat.com/errata/RHSA-2024:3868
Comment 33 errata-xmlrpc 2024-06-20 12:37:22 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023
Comment 34 errata-xmlrpc 2024-06-20 13:20:12 UTC 
This issue has been addressed in the following products:

  RHOSS-1.33-RHEL-8

Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028
Comment 35 errata-xmlrpc 2024-06-20 16:14:46 UTC 
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:4034 https://access.redhat.com/errata/RHSA-2024:4034
Comment 36 errata-xmlrpc 2024-06-26 13:53:21 UTC 
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 8
  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:4125 https://access.redhat.com/errata/RHSA-2024:4125
Comment 37 errata-xmlrpc 2024-06-26 14:31:49 UTC 
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:4126 https://access.redhat.com/errata/RHSA-2024:4126
Comment 38 errata-xmlrpc 2024-06-27 11:23:53 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041
Comment 39 errata-xmlrpc 2024-06-27 13:01:09 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045
Comment 40 errata-xmlrpc 2024-07-01 00:28:53 UTC 
This issue has been addressed in the following products:

  RODOO-1.1-RHEL-9

Via RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616
Comment 41 errata-xmlrpc 2024-07-01 00:40:03 UTC 
This issue has been addressed in the following products:

  OSSO-1.3-RHEL-9

Via RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637
Comment 42 errata-xmlrpc 2024-07-01 00:52:48 UTC 
This issue has been addressed in the following products:

  KDO-5.0-RHEL-9

Via RHSA-2024:3617 https://access.redhat.com/errata/RHSA-2024:3617
Comment 44 errata-xmlrpc 2024-07-11 17:32:37 UTC 
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2024:4520 https://access.redhat.com/errata/RHSA-2024:4520
Comment 45 errata-xmlrpc 2024-07-17 13:15:03 UTC 
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2024:4591 https://access.redhat.com/errata/RHSA-2024:4591
Comment 46 errata-xmlrpc 2024-07-29 00:16:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:4893 https://access.redhat.com/errata/RHSA-2024:4893
Comment 47 errata-xmlrpc 2024-08-13 00:38:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258
Comment 48 errata-xmlrpc 2024-09-03 08:10:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6187 https://access.redhat.com/errata/RHSA-2024:6187
Comment 49 errata-xmlrpc 2024-09-03 09:05:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6189 https://access.redhat.com/errata/RHSA-2024:6189
Comment 50 errata-xmlrpc 2024-09-03 09:18:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6195 https://access.redhat.com/errata/RHSA-2024:6195
Comment 51 errata-xmlrpc 2024-09-03 11:45:10 UTC 
This issue has been addressed in the following products:

  OPENSHIFT-BUILDS-1.1-RHEL-8

Via RHSA-2024:6221 https://access.redhat.com/errata/RHSA-2024:6221
Comment 52 errata-xmlrpc 2024-09-03 18:52:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6188 https://access.redhat.com/errata/RHSA-2024:6188
Comment 53 errata-xmlrpc 2024-09-03 19:52:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6186 https://access.redhat.com/errata/RHSA-2024:6186
Comment 54 errata-xmlrpc 2024-09-03 19:54:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6194 https://access.redhat.com/errata/RHSA-2024:6194
Comment 55 errata-xmlrpc 2024-09-24 03:21:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6969 https://access.redhat.com/errata/RHSA-2024:6969
Comment 56 errata-xmlrpc 2024-11-13 13:15:38 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Services on OpenShift PODIFIED 1.0

Via RHSA-2024:9485 https://access.redhat.com/errata/RHSA-2024:9485
Note You need to log in before you can comment on or make changes to this bug.