CNNVD-202602-804 Information
CNNVD ID
CNNVD-202602-804
Related CVE
- CNNVD Published: 2026-02-05
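Description (translated from Chinese)
Google Go is a statically and strongly typed, compiled, concurrent programming language with garbage collection, developed by Google (USA). Google Go has a security vulnerability that arises during crypto/tls session resumption: if the ClientCAs or RootCAs fields of the underlying Config change between the initial handshake and the resumption handshake, the resumption handshake may succeed when it should not, causing a client or server to resume a session with a peer with which it should not have resumed one.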
Description (English)
Google Go is a statically typed, compiled, concurrent programming language from Google with garbage collection. Google Go has a security vulnerability in crypto/tls session resumption: if the ClientCAs or RootCAs fields of the underlying Config change between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed, so that a client or server resumes a session with a peer with which it should not have resumed one.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Google
Published
2026-02-05
Last Modified
2026-02-24
References
https://go.dev/cl/737700
https://go.dev/issue/77217
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
https://pkg.go.dev/vuln/GO-2026-4337