Filtered by vendor Golang Subscriptions
Total 148 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29526 5 Fedoraproject, Golang, Linux and 2 more 15 Fedora, Go, Linux Kernel and 12 more 2024-11-21 5.3 Medium
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
CVE-2022-28327 3 Fedoraproject, Golang, Redhat 20 Extra Packages For Enterprise Linux, Fedora, Go and 17 more 2024-11-21 7.5 High
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVE-2022-28131 4 Fedoraproject, Golang, Netapp and 1 more 16 Fedora, Go, Cloud Insights Telegraf and 13 more 2024-11-21 7.5 High
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
CVE-2022-27664 3 Fedoraproject, Golang, Redhat 19 Fedora, Go, Acm and 16 more 2024-11-21 7.5 High
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
CVE-2022-27536 2 Apple, Golang 2 Macos, Go 2024-11-21 7.5 High
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
CVE-2022-27191 3 Fedoraproject, Golang, Redhat 12 Extra Packages For Enterprise Linux, Fedora, Ssh and 9 more 2024-11-21 7.5 High
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-24921 4 Debian, Golang, Netapp and 1 more 11 Debian Linux, Go, Astra Trident and 8 more 2024-11-21 7.5 High
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
CVE-2022-24675 4 Fedoraproject, Golang, Netapp and 1 more 17 Fedora, Go, Kubernetes Monitoring Operator and 14 more 2024-11-21 7.5 High
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
CVE-2022-23806 4 Debian, Golang, Netapp and 1 more 14 Debian Linux, Go, Beegfs Csi Driver and 11 more 2024-11-21 9.1 Critical
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
CVE-2022-23773 3 Golang, Netapp, Redhat 12 Go, Beegfs Csi Driver, Cloud Insights Telegraf Agent and 9 more 2024-11-21 7.5 High
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
CVE-2022-23772 4 Debian, Golang, Netapp and 1 more 13 Debian Linux, Go, Beegfs Csi Driver and 10 more 2024-11-21 7.5 High
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
CVE-2022-1962 2 Golang, Redhat 16 Go, Acm, Application Interconnect and 13 more 2024-11-21 5.5 Medium
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
CVE-2022-1705 2 Golang, Redhat 22 Go, Acm, Application Interconnect and 19 more 2024-11-21 6.5 Medium
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
CVE-2021-44717 4 Debian, Golang, Opengroup and 1 more 10 Debian Linux, Go, Unix and 7 more 2024-11-21 4.8 Medium
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
CVE-2021-44716 4 Debian, Golang, Netapp and 1 more 16 Debian Linux, Go, Cloud Insights Telegraf and 13 more 2024-11-21 7.5 High
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVE-2021-43565 2 Golang, Redhat 9 Ssh, Acm, Advanced Cluster Security and 6 more 2024-11-21 7.5 High
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
CVE-2021-41772 4 Fedoraproject, Golang, Oracle and 1 more 8 Fedora, Go, Timesten In-memory Database and 5 more 2024-11-21 7.5 High
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVE-2021-41771 4 Debian, Fedoraproject, Golang and 1 more 6 Debian Linux, Fedora, Go and 3 more 2024-11-21 7.5 High
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVE-2021-3121 3 Golang, Hashicorp, Redhat 9 Protobuf, Consul, Acm and 6 more 2024-11-21 8.6 High
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVE-2021-3115 5 Fedoraproject, Golang, Microsoft and 2 more 7 Fedora, Go, Windows and 4 more 2024-11-21 7.5 High
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).