Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Go
(Golang)Repositories | https://github.com/golang/go |
#Vulnerabilities | 121 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-02-11 | CVE-2022-23806 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | Debian_linux, Go, Beegfs_csi_driver, Cloud_insights_telegraf_agent, Kubernetes_monitoring_operator, Storagegrid | 9.1 | ||
2022-03-05 | CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | Debian_linux, Go, Astra_trident | 7.5 | ||
2022-04-20 | CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | Fedora, Go, Kubernetes_monitoring_operator | 7.5 | ||
2022-04-20 | CVE-2022-27536 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | Go | 7.5 | ||
2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | Extra_packages_for_enterprise_linux, Fedora, Go | 7.5 | ||
2022-06-23 | CVE-2022-29526 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | Fedora, Go, Beegfs_csi_driver | 5.3 | ||
2022-07-15 | CVE-2022-30634 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | Go, Cloud_insights_telegraf_agent | 7.5 | ||
2022-08-10 | CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | Go | 6.5 | ||
2022-08-10 | CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | Go | 5.5 | ||
2022-08-10 | CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | Fedora, Go, Cloud_insights_telegraf | 7.5 |