Golang

Go

125 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-30632

  • EPSS 0.08%
  • Published 10.08.2022 20:15:41
  • Last modified 21.11.2024 07:03:04

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

7.8

CVE-2022-30580

  • EPSS 0.03%
  • Published 10.08.2022 20:15:40
  • Last modified 21.11.2024 07:02:58

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

3.1

CVE-2022-30629

Exploit
  • EPSS 0.07%
  • Published 10.08.2022 20:15:40
  • Last modified 21.11.2024 07:03:03

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

7.5

CVE-2022-30630

  • EPSS 0.03%
  • Published 10.08.2022 20:15:40
  • Last modified 21.11.2024 07:03:03

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

7.5

CVE-2022-29804

  • EPSS 0.19%
  • Published 10.08.2022 20:15:34
  • Last modified 21.11.2024 06:59:42

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

7.5

CVE-2022-28131

  • EPSS 0.01%
  • Published 10.08.2022 20:15:32
  • Last modified 21.11.2024 06:56:48

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

5.5

CVE-2022-1962

Exploit
  • EPSS 0.01%
  • Published 10.08.2022 20:15:26
  • Last modified 21.11.2024 06:41:50

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

6.5

CVE-2022-1705

Exploit
  • EPSS 0.05%
  • Published 10.08.2022 20:15:25
  • Last modified 21.11.2024 06:41:17

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

7.5

CVE-2022-30634

Exploit
  • EPSS 0.02%
  • Published 15.07.2022 20:15:08
  • Last modified 21.11.2024 07:03:04

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

5.3

CVE-2022-29526

Exploit
  • EPSS 0.17%
  • Published 23.06.2022 17:15:12
  • Last modified 21.11.2024 06:59:15

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.