Search CVE reports

Toggle filters

61 – 70 of 77 results

CVE-2022-30633

Medium priority
Fixed

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses...

3 affected packages

golang-1.18, golang-1.16, golang-1.13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed
golang-1.13 Fixed Fixed Fixed
Show less packages

CVE-2022-30632

Medium priority
Fixed

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

3 affected packages

golang-1.18, golang-1.16, golang-1.13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed
golang-1.13 Fixed Fixed Fixed
Show less packages

CVE-2022-30631

Medium priority
Fixed

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

3 affected packages

golang-1.18, golang-1.16, golang-1.13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed
golang-1.13 Fixed Fixed Fixed
Show less packages

CVE-2022-30630

Medium priority

Some fixes available 5 of 7

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

3 affected packages

golang-1.18, golang-1.16, golang-1.13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed
golang-1.13 Not affected Not affected Not affected
Show less packages

CVE-2022-30629

Medium priority

Some fixes available 10 of 13

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

8 affected packages

golang-1.17, golang-1.18, golang-1.7, golang-1.8, golang-1.11...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Vulnerable
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.7
golang-1.8 Not affected
golang-1.11
golang-1.15
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.13 Not in release Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-30580

Medium priority
Not affected

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...

6 affected packages

golang-1.18, golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Not affected Not affected Not affected
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-29804

Medium priority
Ignored

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-29526

Medium priority

Some fixes available 6 of 19

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

11 affected packages

golang-1.16, golang-1.13, golang, golang-1.18, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.13 Not in release Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
golang-1.15 Not in release Not in release
Show all 11 packages Show less packages

CVE-2022-2880

Medium priority

Some fixes available 10 of 18

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter...

10 affected packages

golang-1.17, golang-1.18, golang-1.19, golang-1.13, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Vulnerable Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
Show all 10 packages Show less packages

CVE-2022-2879

Medium priority

Some fixes available 10 of 18

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After...

10 affected packages

golang-1.19, golang-1.18, golang-1.17, golang-1.13, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.19 Not in release Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.17 Vulnerable Not in release Not in release
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
Show all 10 packages Show less packages
  1. Previous page
  2. 4
  3. 5
  4. 6
  5. 7
  6. 8
  7. Next page
Export to JSON