CVE-2022-28131
- EPSS 0.01%
- Veröffentlicht 10.08.2022 20:15:32
- Zuletzt bearbeitet 21.11.2024 06:56:48
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
CVE-2021-39293
- EPSS 0.02%
- Veröffentlicht 24.01.2022 01:15:07
- Zuletzt bearbeitet 21.11.2024 06:19:08
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-44716
- EPSS 0.1%
- Veröffentlicht 01.01.2022 05:15:08
- Zuletzt bearbeitet 21.11.2024 06:31:26
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVE-2021-34558
- EPSS 1.48%
- Veröffentlicht 15.07.2021 14:15:19
- Zuletzt bearbeitet 21.11.2024 06:10:40
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVE-2020-7919
- EPSS 0.63%
- Veröffentlicht 16.03.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:00
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.