{"id":"GO-2021-0223","summary":"Certificate verification error on Windows in crypto/x509","details":"On Windows, if VerifyOptions.Roots is nil, Certificate.Verify does not check the EKU requirements specified in VerifyOptions.KeyUsages. This may allow a certificate to be used for an unintended purpose.","aliases":["BIT-golang-2020-14039","CVE-2020-14039"],"modified":"2026-03-17T04:05:50.320945Z","published":"2022-02-17T17:46:03Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2021-0223"},"references":[{"type":"FIX","url":"https://go.dev/cl/242597"},{"type":"FIX","url":"https://go.googlesource.com/go/+/82175e699a2e2cd83d3aa34949e9b922d66d52f5"},{"type":"REPORT","url":"https://go.dev/issue/39360"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.13.13"},{"introduced":"1.14.0-0"},{"fixed":"1.14.5"}]}],"ecosystem_specific":{"imports":[{"symbols":["Certificate.systemVerify"],"path":"crypto/x509","goos":["windows"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0223.json"}}],"schema_version":"1.7.5","credits":[{"name":"Niall Newman"}]}