Search CVE reports

Toggle filters

11 – 15 of 15 results

CVE-2021-44716

Medium priority

Some fixes available 6 of 22

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-golang-x-net, google-guest-agent, golang-1.17, golang-1.11, golang-1.8...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not affected Not in release Not in release
google-guest-agent Fixed Fixed Fixed Vulnerable
golang-1.17 Not in release Vulnerable Not in release Not in release
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.7 Not in release Not in release Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
golang-1.15 Not in release Not in release
Show all 8 packages Show less packages

CVE-2021-33194

Medium priority
Needs evaluation

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

3 affected packages

golang-golang-x-net, google-guest-agent, golang-golang-x-net-dev

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Needs evaluation Needs evaluation Not in release Not in release
google-guest-agent Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-31525

Low priority
Needs evaluation

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...

6 affected packages

golang-golang-x-net, google-guest-agent, golang-1.16, golang-1.11, golang-golang-x-net-dev, golang-1.15

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not affected Not in release Not in release
google-guest-agent Not affected Not affected Not affected Not affected
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation
golang-1.15 Not in release Not in release
Show less packages

CVE-2020-28852

Low priority

Some fixes available 3 of 9

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

3 affected packages

golang-golang-x-text, google-guest-agent, golang-x-text

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-text Not affected Not affected Fixed Not in release
google-guest-agent Not affected Not affected Not affected Not affected
golang-x-text Not in release Not in release Vulnerable Fixed
Show less packages

CVE-2020-28851

Low priority

Some fixes available 3 of 10

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

3 affected packages

golang-golang-x-text, google-guest-agent, golang-x-text

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-text Not affected Not affected Fixed Not in release
google-guest-agent Not affected Not affected Not affected Not affected
golang-x-text Not in release Not in release Vulnerable Fixed
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON