Vulnerability CVE-2021-34558

Vulnerability Name:

CVE-2021-34558 (CCN-205578)

Assigned:

2021-07-12

Published:

2021-07-12

Updated:

2022-08-04

Summary:

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-295
CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-34558

Source: XF
Type: UNKNOWN
go-cve202134558-dos(205578)

Source: CCN
Type: go GIT Repository
crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558) #47143

Source: MISC
Type: Release Notes, Vendor Advisory
https://golang.org/doc/devel/release#go1.16.minor

Source: MISC
Type: Mailing List, Third Party Advisory
https://groups.google.com/g/golang-announce

Source: MISC
Type: Mailing List, Release Notes, Third Party Advisory
https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ

Source: CCN
Type: Google Groups Web site
Go 1.16.6 and Go 1.15.14 are released

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-1bfb61f77c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-07e4d20196

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-ffa749f7f7

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-25c0011e78

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-54f88bebd4

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-3a55403080

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-6ac9b98f9e

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-c35235c250

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-47d259d3cf

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-02

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210813-0005/

Source: CCN
Type: IBM Security Bulletin 6488897 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-34558

Source: CCN
Type: IBM Security Bulletin 6489851 (Cloud Automation Manager)
A security vulnerability in Golang Go affects IBM Cloud Automation Manager

Source: CCN
Type: IBM Security Bulletin 6492207 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Source: CCN
Type: IBM Security Bulletin 6499711 (Cloud Pak for Integration)
Operations Dashboard is vulnerable to multiple Go vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6501839 (Cloud Pak for Integration)
IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6514825 (Cloud Pak for Multicloud Management)
A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Services

Source: CCN
Type: IBM Security Bulletin 6519392 (Cloud Pak System)
Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6524682 (Spectrum Protect Plus)
Vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift

Source: CCN
Type: IBM Security Bulletin 6525250 (Spectrum Copy Data Management)
Vulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6536940 (Cloud Pak for Multicloud Management Security Services)
Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.

Source: CCN
Type: IBM Security Bulletin 6550866 (Security Guardium)
IBM Security Guardium Insights is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6565099 (Planning Analytics)
IBM Planning Analytics Workspace is affected by security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6574411 (Cloud Private)
Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-34558)

Source: CCN
Type: IBM Security Bulletin 6606299 (Cloud Pak for Multicloud Management)
IBM Cloud Pak for Multicloud Management Monitoring has multiple vulnerabilities associated with the Go runtime (CVE-2021-29923, CVE-2021-31525, CVE-2021-33194, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198)

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:golang:go:*:*:*:*:*:*:*:* (Version < 1.15.14)

OR cpe:/a:golang:go:*:*:*:*:*:*:*:* (Version >= 1.16.0 and < 1.16.6)

Configuration 2:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:storagegrid:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:trident:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:* (Version < 21.1.1.1.0)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:golang:go:1.15.13:*:*:*:*:*:*:*

OR cpe:/a:golang:go:1.16.5:*:*:*:*:*:*:*

AND

cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.13:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20227954	P	RHSA-2022:7954: podman security and bug fix update (Moderate)	2022-11-15
oval:org.opensuse.security:def:6097	P	Security update for the Linux Kernel (Important)	2022-07-13
oval:org.opensuse.security:def:94904	P	gdm-41.3-150400.2.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94905	P	gnome-autoar-devel-0.4.1-150400.1.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:101617	P	Security update for xen (Moderate) (in QA)	2022-04-07
oval:org.opensuse.security:def:101618	P	Security update for libvirt (Moderate) (in QA)	2022-04-07
oval:org.opensuse.security:def:4564	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:4565	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:112334	P	go1.15-1.15.15-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112337	P	go1.16-1.16.8-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105856	P	Security update for binutils (Moderate)	2021-11-09
oval:com.redhat.rhsa:def:20214226	P	RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate)	2021-11-09
oval:org.opensuse.security:def:105855	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:4495	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2021-10-12
oval:org.opensuse.security:def:4496	P	Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5) (Important)	2021-10-12
oval:com.redhat.rhsa:def:20213076	P	RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)	2021-08-10
oval:org.opensuse.security:def:110983	P	Security update for go1.16 (Important)	2021-07-22
oval:org.opensuse.security:def:110984	P	Security update for go1.15 (Moderate)	2021-07-22
oval:org.opensuse.security:def:76254	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:111627	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:101792	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:65654	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:74653	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:108284	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:65584	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:117797	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:67186	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:74721	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:65585	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:117798	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:74722	P	Security update for go1.15 (Moderate)	2021-07-19
oval:org.opensuse.security:def:111625	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:101791	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:65653	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:74652	P	Security update for go1.16 (Important)	2021-07-19
oval:org.opensuse.security:def:108283	P	Security update for go1.16 (Important)	2021-07-19

BACK