Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Go
(Golang)| Repositories | https://github.com/golang/go |
| #Vulnerabilities | 119 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-08 | CVE-2021-41772 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | Fedora, Go, Timesten_in\-Memory_database | 7.5 | ||
| 2022-04-20 | CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | Fedora, Go, Kubernetes_monitoring_operator | 7.5 | ||
| 2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | Extra_packages_for_enterprise_linux, Fedora, Go | 7.5 | ||
| 2022-06-23 | CVE-2022-29526 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | Fedora, Go, Beegfs_csi_driver | 5.3 | ||
| 2022-07-15 | CVE-2022-30634 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | Go, Cloud_insights_telegraf_agent | 7.5 | ||
| 2022-08-10 | CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | Go | 6.5 | ||
| 2022-08-10 | CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | Go | 5.5 | ||
| 2022-08-10 | CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | Fedora, Go, Cloud_insights_telegraf | 7.5 | ||
| 2022-08-10 | CVE-2022-29804 | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | Go | 7.5 | ||
| 2022-08-10 | CVE-2022-30580 | Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | Go | 7.8 |