Search CVE reports
61 – 70 of 74 results
CVE-2022-23772
Medium priorityRat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
10 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.17 | Not in release | Needs evaluation | Not in release | Not in release | Ignored |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2021-39293
Medium priorityIn archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete...
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.17 | Not in release | Not affected | Not in release | Not in release | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-41772
Medium priorityGo before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | — | — | — | — | Ignored |
| golang-1.15 | — | — | — | — | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.17 | Not in release | Needs evaluation | — | — | Ignored |
| golang-1.7 | — | — | — | — | Ignored |
| golang-1.8 | — | — | — | Needs evaluation | Ignored |
CVE-2021-41771
Low priorityImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | — | — | — | — | Ignored |
| golang-1.15 | — | — | — | — | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.17 | Not in release | Needs evaluation | — | — | Ignored |
| golang-1.7 | — | — | — | — | Ignored |
| golang-1.8 | — | — | — | Needs evaluation | Ignored |
CVE-2021-38297
Medium priorityGo before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2021-36221
Medium priorityGo before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2021-29923
Medium priorityGo before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of...
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2021-33198
Low priorityIn Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-33197
Medium priorityIn Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-33196
Medium priorityIn archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |