CVE-2017-1000097

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000097

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000097.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000097

Aliases

GO-2022-0171

Published

2017-10-05T01:29:03.947Z

Modified

2026-04-10T03:55:59.853971Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type

GIT

Repo

https://github.com/golang/go

Events

Introduced

Fixed

aa1e69f3fc21795b6fab531a07008e0744ffe5bf

Introduced

0d818588685976407c81c60d2fda289361cbc8ec

Fixed

6b36535cf382bce845dd2d272276e7ba350b0c6b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.4"
        },
        {
            "introduced": "1.7"
        },
        {
            "fixed": "1.7.4"
        }
    ]
}

Affected versions

go1.*

go1.3beta1

go1.3beta2

go1.4beta1

go1.5beta1

go1.5beta2

go1.5beta3

go1.6

go1.6.1

go1.6.2

go1.6.3

go1.6beta1

go1.6beta2

go1.6rc1

go1.6rc2

go1.7

go1.7.1

go1.7.2

go1.7.3

release.*

release.r56

Other

weekly

weekly.*

weekly.2009-11-06

weekly.2009-11-10

weekly.2009-11-10.1

weekly.2009-11-12

weekly.2009-11-17

weekly.2009-12-07

weekly.2009-12-09

weekly.2009-12-22

weekly.2010-01-05

weekly.2010-01-13

weekly.2010-01-27

weekly.2010-02-04

weekly.2010-02-17

weekly.2010-02-23

weekly.2010-03-04

weekly.2010-03-15

weekly.2010-03-22

weekly.2010-03-30

weekly.2010-04-13

weekly.2010-04-27

weekly.2010-05-04

weekly.2010-05-27

weekly.2010-06-09

weekly.2010-06-21

weekly.2010-07-01

weekly.2010-07-14

weekly.2010-07-29

weekly.2010-08-04

weekly.2010-08-11

weekly.2010-08-25

weekly.2010-09-06

weekly.2010-09-15

weekly.2010-09-22

weekly.2010-09-29

weekly.2010-10-13

weekly.2010-10-13.1

weekly.2010-10-20

weekly.2010-10-27

weekly.2010-11-02

weekly.2010-11-10

weekly.2010-11-23

weekly.2010-12-02

weekly.2010-12-08

weekly.2010-12-15

weekly.2010-12-15.1

weekly.2010-12-22

weekly.2011-01-06

weekly.2011-01-12

weekly.2011-01-19

weekly.2011-01-20

weekly.2011-02-01

weekly.2011-02-01.1

weekly.2011-02-15

weekly.2011-02-24

weekly.2011-03-07

weekly.2011-03-07.1

weekly.2011-03-15

weekly.2011-03-28

weekly.2011-04-04

weekly.2011-04-13

weekly.2011-04-27

weekly.2011-05-22

weekly.2011-06-02

weekly.2011-06-09

weekly.2011-06-16

weekly.2011-06-23

weekly.2011-07-07

weekly.2011-07-19

weekly.2011-07-29

weekly.2011-08-10

weekly.2011-08-17

weekly.2011-09-01

weekly.2011-09-07

weekly.2011-09-16

weekly.2011-09-21

weekly.2011-10-06

weekly.2011-10-18

weekly.2011-10-25

weekly.2011-10-26

weekly.2011-11-01

weekly.2011-11-02

weekly.2011-11-08

weekly.2011-11-09

weekly.2011-11-18

weekly.2011-12-01

weekly.2011-12-02

weekly.2011-12-06

weekly.2011-12-14

weekly.2011-12-22

weekly.2012-01-15

weekly.2012-01-20

weekly.2012-01-27

weekly.2012-02-07

weekly.2012-02-14

weekly.2012-02-22

weekly.2012-03-04

weekly.2012-03-13

weekly.2012-03-22

weekly.2012-03-27

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000097.json"