CVE-2020-7919
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
Date published : 2020-03-16
https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470