CVE-2020-7919

HIGH7.5EPSS 0.70%

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

Published: 6/23/2021Modified: 2/4/2026

Description

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.

Affected packages (6)

Bitnami/golang>= 1.12.0, < 1.12.6, >= 1.13.0, < 1.13.7
Go/github.com/helm/helm>= 2.0.0, < 2.16.8
Go/golang.org/x/cryptofrom 0, < 0.0.0-20200124225646-8b5121be2f68
Go/golang.org/x/cryptofrom 0, < 0.0.0-20200124225646-8b5121be2f68
Go/helm.sh/helm/v3>= 3.0.0, < 3.1.0
Go/stdlibfrom 0, < 1.12.16, >= 1.13.0-0, < 1.13.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Affected packages (6)

CVSS scores

References (21)