Search CVE reports
81 – 85 of 85 results
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.11 | Not in release | Not in release | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
5 affected packages
golang-1.7, golang-1.11, golang-1.15, golang-1.16, golang-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.7 | Not in release | Not in release | Not in release | Not in release |
golang-1.11 | Not in release | Not in release | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS...
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-1.6 | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script.
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang | — | Not in release | Not in release | Not in release |
golang-1.10 | — | Not in release | Not in release | Not affected |
golang-1.13 | — | Not affected | Not affected | Not affected |
golang-1.14 | — | Not in release | Not affected | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
golang-1.16 | — | Not in release | Not affected | Not affected |
golang-1.6 | — | Not in release | Not in release | Not in release |
golang-1.8 | — | Not in release | Not in release | Not affected |
golang-1.9 | — | Not in release | Not in release | Not affected |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
golang-1.11 | Not in release | Not in release | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
golang-golang-x-net | Not affected | Not affected | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected |