nvd-json-data-feeds/CVE-2024/CVE-2024-453xx/CVE-2024-45341.json

{
  "id": "CVE-2024-45341",
  "sourceIdentifier": "security@golang.org",
  "published": "2025-01-28T02:15:29.147",
  "lastModified": "2025-02-21T18:15:17.960",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs."
    },
    {
      "lang": "es",
      "value": "Un certificado con un URI que tiene una direcci\u00f3n IPv6 con un ID de zona puede satisfacer incorrectamente una restricci\u00f3n de nombre de URI que se aplica a la cadena de certificados. Los certificados que contienen URI no est\u00e1n permitidos en la PKI web, por lo que esto solo afecta a los usuarios de PKI privadas que utilizan URI."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://go.dev/cl/643099",
      "source": "security@golang.org"
    },
    {
      "url": "https://go.dev/issue/71156",
      "source": "security@golang.org"
    },
    {
      "url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
      "source": "security@golang.org"
    },
    {
      "url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ",
      "source": "security@golang.org"
    },
    {
      "url": "https://pkg.go.dev/vuln/GO-2025-3373",
      "source": "security@golang.org"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20250221-0004/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}