Panic on large handshake records in crypto/tls
CVE-2022-41724

7.5HIGH

Key Information:

Vendor: Go Standard Library
Status: Crypto/tls
Vendor: CVE Published:; 28 February 2023

🔔 Create Go Standard Library Vulnerability Alert

What is CVE-2022-41724?

The vulnerability arises when large TLS handshake records are sent, potentially causing panic in both clients and servers. Specifically, this issue impacts all TLS 1.3 clients and those TLS 1.2 clients that have session resumption enabled. Furthermore, TLS 1.3 servers that request client certificates are also affected. The improper handling of the handshake records can lead to crashes, disrupting secure communications and creating security risks. Developers are advised to apply the latest security updates to mitigate this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

crypto/tls 0 < 1.19.6

crypto/tls 1.20.0-0 < 1.20.1

References

https://go.dev/issue/58001

https://go.dev/cl/468125

https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Sep 28, 2022

Credit

Marten Seemann

JSON

Go Standard Library

What is CVE-2022-41724?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.