Search CVE reports
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
10 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
golang | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.17 | Not in release | Needs evaluation | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
5 affected packages
golang-1.17, golang-1.11, golang-1.8, golang-1.7, golang-1.15
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release |
golang-1.11 | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
golang-1.7 | Not in release | Not in release | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
Some fixes available: 6 of 22
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
8 affected packages
golang-golang-x-net, google-guest-agent, golang-1.17, golang-1.11, golang-1.8...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-golang-x-net | Not affected | Not affected | Not in release | Not in release |
google-guest-agent | Fixed | Fixed | Fixed | Vulnerable |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release |
golang-1.11 | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
golang-1.7 | Not in release | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.15 | — | — | Not in release | Not in release |
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
6 affected packages
golang-1.17, golang-1.16, golang-1.11, golang-1.15, golang-1.7, golang-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.17 | Not in release | Needs evaluation | — | — |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.11 | — | — | — | — |
golang-1.15 | — | — | — | — |
golang-1.7 | — | — | — | — |
golang-1.8 | — | — | — | Needs evaluation |
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
6 affected packages
golang-1.17, golang-1.16, golang-1.15, golang-1.7, golang-1.8, golang-1.11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.17 | Not in release | Needs evaluation | — | — |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.15 | — | — | — | — |
golang-1.7 | — | — | — | — |
golang-1.8 | — | — | — | Needs evaluation |
golang-1.11 | — | — | — | — |
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete...
6 affected packages
golang-1.17, golang-1.16, golang-1.11, golang-1.8, golang-1.7, golang-1.15
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.17 | Not in release | Not affected | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release |