CVE-2024-45341

medium

Description

A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

References

https://security.netapp.com/advisory/ntap-20250221-0004/

https://pkg.go.dev/vuln/GO-2025-3373

https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ

https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ

https://go.dev/issue/71156

https://go.dev/cl/643099

Details

Source: Mitre, NVD

Published: 2025-01-28

Updated: 2025-02-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium