Go Tls Handshake Crash Vulnerability Cve 2021 34558
Go Tls Handshake Crash Vulnerability Cve 2021 34558
GO TLS handshake Crash vulnerability CVE-2021-34558
Vulnerability Description
There is a minor modification to ./vendor/github.com/refraction-networking/utls/handshake_server.go to enable the malicious handshake to be sent with a mismatching certificate/cipher.
Vulnerability Impact
Go Version < (1.16.6+)
Vulnerability reappears
</a-alert>
The https service will be generated, and a crash will occur when the version is lower, for example, when some scanners scan the target.
This post is licensed under CC BY 4.0 by the author.