Search CVE reports

Toggle filters

61 – 70 of 76 results

CVE-2022-30629

Medium priority

Some fixes available 10 of 13

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

8 affected packages

golang-1.17, golang-1.18, golang-1.7, golang-1.8, golang-1.11...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Vulnerable
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.7
golang-1.8 Not affected
golang-1.11
golang-1.15
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.13 Not in release Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-30580

Medium priority
Not affected

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...

6 affected packages

golang-1.18, golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Not affected Not affected Not affected
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-29804

Medium priority
Ignored

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-30634

Medium priority
Needs evaluation

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Not affected Not affected Not affected
golang-1.7
golang-1.8 Needs evaluation
Show less packages

CVE-2022-29526

Medium priority

Some fixes available 6 of 19

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

11 affected packages

golang-1.16, golang-1.13, golang, golang-1.18, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.13 Not in release Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
golang-1.15 Not in release Not in release
Show all 11 packages Show less packages

CVE-2022-28327

Medium priority

Some fixes available 4 of 6

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

2 affected packages

golang-1.17, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Fixed Fixed Fixed
Show less packages

CVE-2022-27536

Medium priority
Ignored

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

2 affected packages

golang-1.17, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
Show less packages

CVE-2022-24675

Medium priority

Some fixes available 4 of 6

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

2 affected packages

golang-1.17, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Fixed Fixed Fixed
Show less packages

CVE-2022-24921

Low priority
Needs evaluation

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

9 affected packages

golang-1.6, golang-1.10, golang-1.13, golang-1.15, golang-1.14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.6
golang-1.10 Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.15
golang-1.14 Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.8 Needs evaluation
golang-1.9 Needs evaluation
Show all 9 packages Show less packages

CVE-2022-23773

Medium priority
Needs evaluation

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

10 affected packages

golang-1.13, golang, golang-1.10, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release
golang-1.15 Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 10 packages Show less packages
  1. Previous page
  2. 4
  3. 5
  4. 6
  5. 7
  6. 8
  7. Next page
Export to JSON