DEBIAN-CVE-2022-41724

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-41724

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-41724.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-41724

Upstream

CVE-2022-41724

Published

2023-02-28T18:15:10Z

Modified

2025-09-25T23:27:50.171987Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

References

https://security-tracker.debian.org/tracker/CVE-2022-41724

Affected packages

Debian:11 / golang-1.15

Package

Name: golang-1.15
Purl: pkg:deb/debian/golang-1.15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.9-6

1.15.15-1~deb11u1

1.15.15-1~deb11u2

1.15.15-1~deb11u3

1.15.15-1~deb11u4

1.15.15-1

1.15.15-2

1.15.15-3

1.15.15-4

1.15.15-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-1.19

Package

Name: golang-1.19
Purl: pkg:deb/debian/golang-1.19?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.6-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}