{"vulnerability": "CVE-2021-34558", "sightings": [{"uuid": "e5f0974a-41c5-4222-8b70-e852601779e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34558", "type": "seen", "source": "https://t.me/arpsyndicate/253", "content": "#ExploitObserverAlert\n\nCVE-2021-34558\n\nDESCRIPTION: Exploit Observer has 25 entries related to CVE-2021-34558. The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.\n\nFIRST-EPSS: 0.002550000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-11-17T10:03:28.000000Z"}, {"uuid": "e51200ba-0023-4ff8-8239-22430e4d3de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34558", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3847", "content": "#exploit\n1. CVE-2021-34558:\nThe crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA-key exchange, allowing a malicious TLS server to cause a TLS client to panic (PoC)\nhttps://github.com/alexzorin/cve-2021-34558\n\n2. CVE-2021-30551:\nChrome Type Confusion in V8\nhttps://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30551.html\n\n3. CVE-2021-33742:\nIE out-of-bounds write in MSHTML\nhttps://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-33742.html", "creation_timestamp": "2021-12-07T03:28:57.000000Z"}]}