Product:

Go

(Golang)
Repositories https://github.com/golang/go
#Vulnerabilities 121
Date Id Summary Products Score Patch Annotated
2022-02-11 CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. Debian_linux, Go, Beegfs_csi_driver, Cloud_insights_telegraf_agent, Kubernetes_monitoring_operator, Storagegrid 9.1
2022-03-05 CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. Debian_linux, Go, Astra_trident 7.5
2022-04-20 CVE-2022-24675 encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. Fedora, Go, Kubernetes_monitoring_operator 7.5
2022-04-20 CVE-2022-27536 Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. Go 7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Extra_packages_for_enterprise_linux, Fedora, Go 7.5
2022-06-23 CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. Fedora, Go, Beegfs_csi_driver 5.3
2022-07-15 CVE-2022-30634 Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. Go, Cloud_insights_telegraf_agent 7.5
2022-08-10 CVE-2022-1705 Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. Go 6.5
2022-08-10 CVE-2022-1962 Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. Go 5.5
2022-08-10 CVE-2022-28131 Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. Fedora, Go, Cloud_insights_telegraf 7.5