Search CVE reports
51 – 58 of 58 results
Some fixes available 11 of 20
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP...
11 affected packages
golang-1.20, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.20 | Not in release | Not affected | Not affected | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Fixed | Fixed | Fixed |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Fixed | Fixed |
| golang-1.17 | Not in release | Vulnerable | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 5 of 26
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing...
14 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — |
| golang-1.6 | Not in release | Not in release | Not in release | — |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Fixed | Not in release | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | — |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not affected | Not affected | Not affected | — |
Some fixes available 6 of 19
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...
14 affected packages
containerd, golang-1.19, golang-1.20, golang, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| containerd | Not affected | Not affected | Not affected | Not affected |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not affected | Not affected | Not in release |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.21 | Not affected | Not affected | Not affected | Not in release |
Some fixes available 6 of 13
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all...
13 affected packages
golang-1.19, golang-1.20, golang, golang-1.6, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not affected | Not affected | Not in release |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not affected |
| golang-1.10 | Not in release | Not in release | Not in release | Not affected |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.21 | Not affected | Not affected | Not affected | Not in release |
Some fixes available 11 of 30
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
16 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release |
| google-guest-agent | Fixed | Fixed | Fixed | Vulnerable |
| containerd | Not affected | Not affected | Not affected | Not affected |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not affected | Not affected | Not in release |
| golang-1.21 | Not affected | Not affected | Not affected | Not in release |
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if...
2 affected packages
golang-1.20, golang-1.19
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.20 | Not in release | Not affected | Not affected | Not in release |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked...
12 affected packages
golang-1.20, golang-1.13, golang-1.19, golang-1.18, golang...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs....
14 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — |
| golang-1.6 | Not in release | Not in release | Not in release | — |
| golang-1.8 | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not affected |
| golang-1.10 | Not in release | Not in release | Not in release | Not affected |
| golang-1.13 | Not in release | Not affected | Not affected | Not affected |
| golang-1.14 | Not in release | Not in release | Not affected | — |
| golang-1.16 | Not in release | Not in release | Not affected | Not affected |
| golang-1.17 | Not in release | Not affected | Not in release | — |
| golang-1.18 | Not in release | Not affected | Not affected | Not affected |
| golang-1.19 | Not in release | Not in release | Not in release | — |
| golang-1.20 | Not in release | Not affected | Not affected | — |
| golang-1.21 | Not affected | Not affected | Not affected | — |
| golang-1.22 | Not affected | Not affected | Not affected | — |