CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
3Fedoraproject GolangNetapp3Cloud Insights Telegraf FedoraGoNov 21, 2024 Aug 10, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. |
2Golang Netapp2Cloud Insights Telegraf GoNov 21, 2024 Jan 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an inc...Show more |
3Debian GolangNetapp3Cloud Insights Telegraf Debian LinuxGoNov 21, 2024 Jan 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
4Fedoraproject GolangNetapp+1 more6Cloud Insights Telegraf FedoraGo+3 moreNov 21, 2024 Jul 15, 2021 N/A· v4 6.5 MEDIUM· v3 2.6 LOW· v2 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to c...Show more |
4Debian FedoraprojectGolang+1 more4Cloud Insights Telegraf Debian LinuxFedora+1 moreNov 21, 2024 Mar 16, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. |