Filtered by vendor Golang Subscriptions
Total 148 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3114 5 Debian, Fedoraproject, Golang and 2 more 13 Debian Linux, Fedora, Go and 10 more 2024-11-21 6.5 Medium
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
CVE-2021-39293 3 Golang, Netapp, Redhat 7 Go, Cloud Insights Telegraf, Advanced Cluster Security and 4 more 2024-11-21 7.5 High
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
CVE-2021-38561 2 Golang, Redhat 6 Text, Acm, Container Native Virtualization and 3 more 2024-11-21 7.5 High
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
CVE-2021-38297 3 Fedoraproject, Golang, Redhat 4 Fedora, Go, Enterprise Linux and 1 more 2024-11-21 9.8 Critical
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVE-2021-36221 6 Debian, Fedoraproject, Golang and 3 more 15 Debian Linux, Fedora, Go and 12 more 2024-11-21 5.9 Medium
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
CVE-2021-34558 5 Fedoraproject, Golang, Netapp and 2 more 19 Fedora, Go, Cloud Insights Telegraf and 16 more 2024-11-21 6.5 Medium
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVE-2021-33198 2 Golang, Redhat 13 Go, Advanced Cluster Security, Container Native Virtualization and 10 more 2024-11-21 7.5 High
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVE-2021-33197 2 Golang, Redhat 11 Go, Advanced Cluster Security, Container Native Virtualization and 8 more 2024-11-21 5.3 Medium
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
CVE-2021-33196 3 Debian, Golang, Redhat 8 Debian Linux, Go, Devtools and 5 more 2024-11-21 7.5 High
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
CVE-2021-33195 3 Golang, Netapp, Redhat 12 Go, Cloud Insights Telegraf Agent, Advanced Cluster Security and 9 more 2024-11-21 7.3 High
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
CVE-2021-33194 3 Fedoraproject, Golang, Redhat 4 Fedora, Go, Logging and 1 more 2024-11-21 7.5 High
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
CVE-2021-31525 3 Fedoraproject, Golang, Redhat 11 Fedora, Go, Advanced Cluster Security and 8 more 2024-11-21 5.9 Medium
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
CVE-2021-29923 4 Fedoraproject, Golang, Oracle and 1 more 13 Fedora, Go, Timesten In-memory Database and 10 more 2024-11-21 7.5 High
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
CVE-2021-27919 2 Fedoraproject, Golang 2 Fedora, Go 2024-11-21 5.5 Medium
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
CVE-2021-27918 2 Golang, Redhat 4 Go, Enterprise Linux, Openshift Container Storage and 1 more 2024-11-21 7.5 High
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
CVE-2021-23772 2 Golang, Iris-go 2 Go, Iris 2024-11-21 7.5 High
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.
CVE-2020-9283 3 Debian, Golang, Redhat 7 Debian Linux, Package Ssh, 3scale Amp and 4 more 2024-11-21 7.5 High
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
CVE-2020-7919 4 Debian, Fedoraproject, Golang and 1 more 4 Debian Linux, Fedora, Go and 1 more 2024-11-21 7.5 High
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
CVE-2020-29652 2 Golang, Redhat 4 Ssh, Container Native Virtualization, Enterprise Linux and 1 more 2024-11-21 7.5 High
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
CVE-2020-29511 2 Golang, Netapp 2 Go, Trident 2024-11-21 9.8 Critical
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.