Filtered by vendor Golang Subscriptions
Filtered by product Go Subscriptions
Total 124 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23806 4 Debian, Golang, Netapp and 1 more 14 Debian Linux, Go, Beegfs Csi Driver and 11 more 2024-11-21 9.1 Critical
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
CVE-2022-23773 3 Golang, Netapp, Redhat 12 Go, Beegfs Csi Driver, Cloud Insights Telegraf Agent and 9 more 2024-11-21 7.5 High
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
CVE-2022-23772 4 Debian, Golang, Netapp and 1 more 13 Debian Linux, Go, Beegfs Csi Driver and 10 more 2024-11-21 7.5 High
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
CVE-2022-1962 2 Golang, Redhat 16 Go, Acm, Application Interconnect and 13 more 2024-11-21 5.5 Medium
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
CVE-2022-1705 2 Golang, Redhat 22 Go, Acm, Application Interconnect and 19 more 2024-11-21 6.5 Medium
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
CVE-2021-44717 4 Debian, Golang, Opengroup and 1 more 10 Debian Linux, Go, Unix and 7 more 2024-11-21 4.8 Medium
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
CVE-2021-44716 4 Debian, Golang, Netapp and 1 more 16 Debian Linux, Go, Cloud Insights Telegraf and 13 more 2024-11-21 7.5 High
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVE-2021-41772 4 Fedoraproject, Golang, Oracle and 1 more 8 Fedora, Go, Timesten In-memory Database and 5 more 2024-11-21 7.5 High
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVE-2021-41771 4 Debian, Fedoraproject, Golang and 1 more 6 Debian Linux, Fedora, Go and 3 more 2024-11-21 7.5 High
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVE-2021-3115 5 Fedoraproject, Golang, Microsoft and 2 more 7 Fedora, Go, Windows and 4 more 2024-11-21 7.5 High
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
CVE-2021-3114 5 Debian, Fedoraproject, Golang and 2 more 13 Debian Linux, Fedora, Go and 10 more 2024-11-21 6.5 Medium
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
CVE-2021-39293 3 Golang, Netapp, Redhat 7 Go, Cloud Insights Telegraf, Advanced Cluster Security and 4 more 2024-11-21 7.5 High
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
CVE-2021-38297 3 Fedoraproject, Golang, Redhat 4 Fedora, Go, Enterprise Linux and 1 more 2024-11-21 9.8 Critical
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2021-36221 6 Debian, Fedoraproject, Golang and 3 more 15 Debian Linux, Fedora, Go and 12 more 2024-11-21 5.9 Medium
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
CVE-2021-34558 5 Fedoraproject, Golang, Netapp and 2 more 19 Fedora, Go, Cloud Insights Telegraf and 16 more 2024-11-21 6.5 Medium
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVE-2021-33198 2 Golang, Redhat 13 Go, Advanced Cluster Security, Container Native Virtualization and 10 more 2024-11-21 7.5 High
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVE-2021-33197 2 Golang, Redhat 11 Go, Advanced Cluster Security, Container Native Virtualization and 8 more 2024-11-21 5.3 Medium
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
CVE-2021-33196 3 Debian, Golang, Redhat 8 Debian Linux, Go, Devtools and 5 more 2024-11-21 7.5 High
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
CVE-2021-33195 3 Golang, Netapp, Redhat 12 Go, Cloud Insights Telegraf Agent, Advanced Cluster Security and 9 more 2024-11-21 7.3 High
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
CVE-2021-33194 3 Fedoraproject, Golang, Redhat 4 Fedora, Go, Logging and 1 more 2024-11-21 7.5 High
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.