cve/2024/CVE-2024-24783.md

### [CVE-2024-24783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783)
![](https://img.shields.io/static/v1?label=Product&message=crypto%2Fx509&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.21.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)

### Description

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/h4ckm1n-dev/report-test
- https://github.com/testing-felickz/docker-scout-demo