Search CVE reports
91 – 94 of 94 results
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate...
10 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | — | — | Not in release | Not in release |
| golang-1.10 | — | — | Not in release | Not affected |
| golang-1.13 | — | — | Not affected | Not affected |
| golang-1.14 | — | — | Not affected | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.11 | — | — | Not in release | Not in release |
| golang-1.12 | — | — | Not in release | Not in release |
| golang-1.6 | — | — | Not in release | Not in release |
| golang-1.8 | — | — | Not in release | Not affected |
| golang-1.9 | — | — | Not in release | Not affected |
Some fixes available 8 of 19
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies...
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Fixed | Fixed | Fixed |
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
9 affected packages
golang-1.10, golang, golang-1.6, golang-1.7, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Not affected | Not affected | Not affected |
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | — | Not in release | Not in release | Not in release |
| golang-1.10 | — | Not in release | Not in release | Not affected |
| golang-1.13 | — | Not affected | Not affected | Not affected |
| golang-1.14 | — | Not in release | Not affected | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.16 | — | Not in release | Not affected | Not affected |
| golang-1.6 | — | Not in release | Not in release | Not in release |
| golang-1.8 | — | Not in release | Not in release | Not affected |
| golang-1.9 | — | Not in release | Not in release | Not affected |