Golang

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27191 3Fedoraproject GolangRedhat 4Advanced Cluster Management For Kubernetes Extra Packages For Enterprise LinuxFedora+1 more Nov 21, 2024 Mar 18, 2022 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-24921 3Debian GolangNetapp 3Astra Trident Debian LinuxGo Nov 21, 2024 Mar 5, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
CVE-2022-23806 3Debian GolangNetapp 6Beegfs Csi Driver Cloud Insights Telegraf AgentDebian Linux+3 more Nov 21, 2024 Feb 11, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
CVE-2022-23773 2Golang Netapp 5Beegfs Csi Driver Cloud Insights Telegraf AgentGo+2 more Nov 21, 2024 Feb 11, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches b...Show more cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.Show less
CVE-2022-23772 3Debian GolangNetapp 6Beegfs Csi Driver Cloud Insights Telegraf AgentDebian Linux+3 more Nov 21, 2024 Feb 11, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
CVE-2021-39293 2Golang Netapp 2Cloud Insights Telegraf Go Nov 21, 2024 Jan 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an inc...Show more In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.Show less
CVE-2021-44717 2Debian Golang 2Debian Linux Go Nov 21, 2024 Jan 1, 2022 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustio...Show more Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.Show less
CVE-2021-44716 3Debian GolangNetapp 3Cloud Insights Telegraf Debian LinuxGo Nov 21, 2024 Jan 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVE-2021-41772 3Fedoraproject GolangOracle 3Fedora GoTimesten In Memory Database Nov 21, 2024 Nov 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVE-2021-41771 3Debian FedoraprojectGolang 3Debian Linux FedoraGo Nov 21, 2024 Nov 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVE-2021-38297 2Fedoraproject Golang 2Fedora Go Nov 21, 2024 Oct 18, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2021-36221 5Debian FedoraprojectGolang+2 more 5Debian Linux FedoraGo+2 more Nov 21, 2024 Aug 8, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
CVE-2021-29923 3Fedoraproject GolangOracle 3Fedora GoTimesten In Memory Database Nov 21, 2024 Aug 7, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of...Show more Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.Show less
CVE-2021-33198 1Golang 1Go Nov 21, 2024 Aug 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVE-2021-33197 1Golang 1Go Nov 21, 2024 Aug 2, 2021 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
CVE-2021-33196 2Debian Golang 2Debian Linux Go Nov 21, 2024 Aug 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
CVE-2021-33195 2Golang Netapp 2Cloud Insights Telegraf Agent Go Nov 21, 2024 Aug 2, 2021 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC...Show more Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.Show less
CVE-2021-34558 4Fedoraproject GolangNetapp+1 more 6Cloud Insights Telegraf FedoraGo+3 more Nov 21, 2024 Jul 15, 2021 N/A· v4 6.5 MEDIUM· v3 2.6 LOW· v2 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to c...Show more The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.Show less
CVE-2012-2666 1Golang 1Go Nov 21, 2024 Jul 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
CVE-2021-31525 2Fedoraproject Golang 2Fedora Go Nov 21, 2024 May 27, 2021 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in...Show more net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.Show less

Previous 1...789 10 11 Next