CVE search results

61 – 66 of 66 results

Detailed view

Sort by:

CVE-2022-1705

Medium priority

Fixed

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the...

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Fixed	Fixed	Fixed	Fixed
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30634

Medium priority

Needs evaluation

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	—	—	—	—	—
golang-1.15	—	—	—	—	—
golang-1.17	Not in release	Needs evaluation	—	—	—
golang-1.18	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.7	—	—	—	—	—
golang-1.8	—	—	—	Needs evaluation	—

CVE-2022-29526

Medium priority

Some fixes available 6 of 19

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

11 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.15	—	—	Not in release	Not in release	Not in release
golang-1.16	Not in release	Not in release	Fixed	Fixed	Ignored
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2022-28327

Medium priority

Some fixes available 4 of 6

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

2 affected packages

golang-1.17, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed

CVE-2022-27536

Medium priority

Ignored

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

2 affected packages

golang-1.17, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.17	—	Not affected	—	—	Ignored
golang-1.18	—	Not affected	Not affected	Not affected	Ignored

CVE-2022-24675

Medium priority

Some fixes available 4 of 6

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

2 affected packages

golang-1.17, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page:

Search CVE reports