Golang

Go

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-30633

  • EPSS 0.1%
  • Veröffentlicht 10.08.2022 20:15:42
  • Zuletzt bearbeitet 21.11.2024 07:03:04

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

7.5

CVE-2022-30635

  • EPSS 0.1%
  • Veröffentlicht 10.08.2022 20:15:42
  • Zuletzt bearbeitet 21.11.2024 07:03:04

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

7.5

CVE-2022-30631

  • EPSS 0.04%
  • Veröffentlicht 10.08.2022 20:15:41
  • Zuletzt bearbeitet 20.10.2025 18:15:36

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

7.5

CVE-2022-30632

  • EPSS 0.1%
  • Veröffentlicht 10.08.2022 20:15:41
  • Zuletzt bearbeitet 21.11.2024 07:03:04

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

7.8

CVE-2022-30580

  • EPSS 0.03%
  • Veröffentlicht 10.08.2022 20:15:40
  • Zuletzt bearbeitet 21.11.2024 07:02:58

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

3.1

CVE-2022-30629

Exploit
  • EPSS 0.07%
  • Veröffentlicht 10.08.2022 20:15:40
  • Zuletzt bearbeitet 21.11.2024 07:03:03

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

7.5

CVE-2022-30630

  • EPSS 0.04%
  • Veröffentlicht 10.08.2022 20:15:40
  • Zuletzt bearbeitet 21.11.2024 07:03:03

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

7.5

CVE-2022-29804

  • EPSS 0.04%
  • Veröffentlicht 10.08.2022 20:15:34
  • Zuletzt bearbeitet 21.11.2024 06:59:42

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

7.5

CVE-2022-28131

  • EPSS 0.02%
  • Veröffentlicht 10.08.2022 20:15:32
  • Zuletzt bearbeitet 21.11.2024 06:56:48

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

5.5

CVE-2022-1962

Exploit
  • EPSS 0.01%
  • Veröffentlicht 10.08.2022 20:15:26
  • Zuletzt bearbeitet 21.11.2024 06:41:50

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.