Product:

Go

(Golang)
Repositories https://github.com/golang/go
#Vulnerabilities 58
Date Id Summary Products Score Patch Annotated
2021-08-02 CVE-2021-33196 In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. Go 7.5
2021-08-08 CVE-2021-36221 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. Fedora, Go 5.9
2021-11-08 CVE-2021-41771 ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. Fedora, Go 7.5
2022-01-01 CVE-2021-44716 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. Go 7.5
2022-01-01 CVE-2021-44717 Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. Go 4.8
2021-11-08 CVE-2021-41772 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. Fedora, Go 7.5
2021-10-18 CVE-2021-38297 Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. Go 9.8
2021-07-15 CVE-2021-34558 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. Fedora, Go, Cloud_insights_telegraf, Storagegrid, Trident 6.5
2019-10-24 CVE-2019-17596 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. Cloudvision_portal, Eos, Mos, Terminattr, Debian_linux, Fedora, Go, Leap, Developer_tools, Enterprise_linux, Enterprise_linux_server 7.5
2020-11-18 CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Fedora, Go, Cloud_insights_telegraf_agent, Trident 7.5