← volver
CVE-2024-45341

Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

CVSS 6.1 MEDIUMEPSS 0.5%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Go standard library · crypto/x509

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://go.dev/cl/643099https://go.dev/issue/71156https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJhttps://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJhttps://pkg.go.dev/vuln/GO-2025-3373https://security.netapp.com/advisory/ntap-20250221-0004/