CVE-2014-7189

Published: Oct 7, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Affected (8)

Products: Golang: Go

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Golang Go	Version 1.1.1
Golang Go	Version 1.1.2
Golang Go	Version 1.1
Golang Go	Version 1.2.1
Golang Go	Version 1.2.2
Golang Go	Version 1.2
Golang Go	Version 1.3.1
Golang Go	Version 1.3

Related CWEs

References (8)

http://www.openwall.com/lists/oss-security/2014/09/26/28

Source: security@ubuntu.com

http://www.securityfocus.com/bid/70156

Source: security@ubuntu.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/96693

Source: security@ubuntu.com

https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ

Source: security@ubuntu.com

http://www.openwall.com/lists/oss-security/2014/09/26/28

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/70156

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/96693

Source: af854a3a-2127-422b-91ae-364da2661108

https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.