CNNVD-202512-342 Information

CNNVD ID

CNNVD-202512-342

Related CVE

CVE-2025-61727

• CNNVD Published: 2025-12-03

Description (Chinese)

Google Go是美国谷歌（Google）公司的一种静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go存在安全漏洞，该漏洞源于crypto/x509证书链中排除的子域约束未限制通配符SAN在叶证书中的使用，可能导致安全策略绕过。

Description (English)

Google Go is a static type, compiler, hairdresser of Google and a programme language with a garbage recovery function. Google Go has a security loophole, which stems from the unrestricted use of the sub-domain constraint of the crypto/x509 certificate chain by the wildcard SAN in the leaf certificate, which may result in a security strategy bypassing.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

谷歌

Published

2025-12-03

Last Modified

2026-02-24

References

https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 https://go.dev/issue/76442 https://pkg.go.dev/vuln/GO-2025-4175 https://go.dev/cl/723900 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727

Patch

https://pkg.go.dev/crypto/x509