CVE-2020-14039
ADVISORY - nistSummary
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
EPSS Score: 0.0041 (0.607)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Certificate Validation
GoLang
CREATED
UPDATED
ADVISORY IDGO-2021-0223
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| stdlib | golang | - | - | <1.13.13 | 1.13.13 |
| stdlib | golang | - | - | >=1.14.0-0,<1.14.5 | 1.14.5 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2020-14039
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2020-14039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2020-14039
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.3mediumGoLang
CREATED
UPDATED
ADVISORY IDGO-2021-0140
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Bitnami
CREATED
UPDATED
ADVISORY ID
BIT-2020-14039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-golang-2020-14039
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.3mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2020-14039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-