Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Go
(Golang)| Repositories | https://github.com/golang/go |
| #Vulnerabilities | 121 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-02 | CVE-2021-33196 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | Debian_linux, Go | 7.5 | ||
| 2022-01-01 | CVE-2021-44716 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | Debian_linux, Go, Cloud_insights_telegraf | 7.5 | ||
| 2022-01-24 | CVE-2021-39293 | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | Go, Cloud_insights_telegraf | 7.5 | ||
| 2022-02-11 | CVE-2022-23806 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | Debian_linux, Go, Beegfs_csi_driver, Cloud_insights_telegraf_agent, Kubernetes_monitoring_operator, Storagegrid | 9.1 | ||
| 2022-04-20 | CVE-2022-27536 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | Go | 7.5 | ||
| 2022-08-10 | CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | Go | 7.5 | ||
| 2021-03-11 | CVE-2021-27918 | encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. | Go | 7.5 | ||
| 2022-12-07 | CVE-2022-41720 | On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously... | Go | 7.5 | ||
| 2022-02-11 | CVE-2022-23772 | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | Debian_linux, Go, Beegfs_csi_driver, Cloud_insights_telegraf_agent, Kubernetes_monitoring_operator, Storagegrid | 7.5 | ||
| 2021-08-02 | CVE-2021-33195 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | Go, Cloud_insights_telegraf_agent | 7.3 |