CNNVD-202506-1616 Information

CNNVD ID

CNNVD-202506-1616

Related CVE

CVE-2025-22874

• CNNVD Published: 2025-06-11

Description (Chinese)

Google Go是美国谷歌（Google）公司的一种静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go 1.23.10之前版本和1.24.0-0至1.24.4之前版本存在安全漏洞，该漏洞源于策略验证禁用，可能导致证书链验证错误。

Description (English)

Google Go is a static type, compiler, hairdresser of Google and a programme language with a garbage recovery function. Prior to Google Go 1.23.10 and previous versions of 1.24.0-0 to 1.24.4, there was a security loophole, which stemmed from a strategy validation disablement, which could lead to errors in the certification chain.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

谷歌

Published

2025-06-11

Last Modified

2026-02-24

References

https://go.dev/issue/73612 https://pkg.go.dev/vuln/GO-2025-3749 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://go.dev/cl/670375 https://nvd.nist.gov/vuln/detail/CVE-2025-22874

Patch

https://go.dev/dl/