Search CVE reports

Toggle filters

71 – 80 of 87 results

CVE-2022-32189

Medium priority

Some fixes available 10 of 19

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

11 affected packages

golang-1.13, golang, golang-1.10, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.13 Not in release Fixed Fixed Fixed
golang Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.17 Not in release Needs evaluation Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
golang-1.15 Not in release Not in release
Show all 11 packages Show less packages

CVE-2022-30629

Medium priority

Some fixes available 10 of 13

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

8 affected packages

golang-1.17, golang-1.18, golang-1.7, golang-1.8, golang-1.11...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Vulnerable
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.7
golang-1.8 Not affected
golang-1.11
golang-1.15
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.13 Not in release Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2022-30580

Medium priority
Not affected

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...

6 affected packages

golang-1.18, golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.18 Not affected Not affected Not affected
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-29804

Medium priority
Ignored

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-30634

Medium priority
Needs evaluation

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Not affected Not affected Not affected
golang-1.7
golang-1.8 Needs evaluation
Show less packages

CVE-2022-29526

Medium priority

Some fixes available 6 of 19

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

11 affected packages

golang-1.16, golang-1.13, golang, golang-1.18, golang-1.10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.16 Not in release Not in release Fixed Fixed
golang-1.13 Not in release Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.10 Not in release Not in release Not in release Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
golang-1.15 Not in release Not in release
Show all 11 packages Show less packages

CVE-2022-28327

Medium priority

Some fixes available 4 of 6

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

2 affected packages

golang-1.17, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Fixed Fixed Fixed
Show less packages

CVE-2022-27536

Medium priority
Ignored

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

2 affected packages

golang-1.17, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
Show less packages

CVE-2022-24675

Medium priority

Some fixes available 4 of 6

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

2 affected packages

golang-1.17, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Fixed Fixed Fixed
Show less packages

CVE-2022-24921

Low priority
Needs evaluation

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

9 affected packages

golang-1.6, golang-1.10, golang-1.13, golang-1.15, golang-1.14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.6
golang-1.10 Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation
golang-1.15
golang-1.14 Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation
golang-1.8 Needs evaluation
golang-1.9 Needs evaluation
Show all 9 packages Show less packages
  1. Previous page
  2. 5
  3. 6
  4. 7
  5. 8
  6. 9
  7. Next page
Export to JSON