Search CVE reports



71 – 77 of 77 results


CVE-2022-28327

Medium priority

Some fixes available 4 of 6

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

2 affected packages

golang-1.18, golang-1.17

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.17 Not in release Needs evaluation

CVE-2022-28131

Medium priority
Fixed

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

3 affected packages

golang-1.18, golang-1.16, golang-1.13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed
golang-1.13 Fixed Fixed Fixed

CVE-2022-27664

Medium priority

Some fixes available 16 of 33

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

14 affected packages

golang-1.10, golang-1.13, golang-1.18, golang-golang-x-net, google-guest-agent...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Vulnerable
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.18 Not in release Fixed Fixed Fixed
golang-golang-x-net Not affected Vulnerable Not in release Not in release
google-guest-agent Fixed Fixed Fixed Needs evaluation
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation
golang-1.14 Not in release Vulnerable Not in release
golang-1.16 Not in release Fixed Fixed
golang-1.17 Vulnerable Not in release Not in release
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Vulnerable
golang Not in release Not in release Not in release

CVE-2022-27536

Medium priority
Ignored

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

2 affected packages

golang-1.18, golang-1.17

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Not affected Not affected Not affected
golang-1.17 Not affected

CVE-2022-24675

Medium priority

Some fixes available 4 of 6

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

2 affected packages

golang-1.18, golang-1.17

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.17 Not in release Needs evaluation

CVE-2022-1962

Medium priority
Fixed

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

1 affected package

golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed

CVE-2022-1705

Medium priority
Fixed

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the...

3 affected packages

golang-1.18, golang-1.16, golang-1.13

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed
golang-1.13 Fixed Fixed Fixed