Search CVE reports
51 – 60 of 63 results
CVE-2022-30631
Medium priorityUncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
3 affected packages
golang-1.13, golang-1.16, golang-1.18
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.13 | — | Fixed | Fixed | Fixed | Fixed |
| golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
| golang-1.18 | — | Fixed | Fixed | Fixed | Not in release |
CVE-2022-30630
Medium prioritySome fixes available 5 of 7
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
3 affected packages
golang-1.13, golang-1.16, golang-1.18
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.13 | — | Not affected | Not affected | Not affected | Not affected |
| golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
| golang-1.18 | — | Fixed | Fixed | Fixed | Not in release |
CVE-2022-30629
Medium prioritySome fixes available 10 of 13
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
8 affected packages
golang-1.11, golang-1.13, golang-1.15, golang-1.16, golang-1.17...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | — | — | — | — | — |
| golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.15 | — | — | — | — | — |
| golang-1.16 | Not in release | Not in release | Fixed | Fixed | Ignored |
| golang-1.17 | Not in release | Vulnerable | — | — | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.7 | — | — | — | — | — |
| golang-1.8 | — | — | — | Not affected | — |
CVE-2022-30580
Medium priorityCode injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...
6 affected packages
golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | — | — | — | — | — |
| golang-1.15 | — | — | — | — | — |
| golang-1.17 | — | Not affected | — | — | — |
| golang-1.18 | — | Not affected | Not affected | Not affected | — |
| golang-1.7 | — | — | — | — | — |
| golang-1.8 | — | — | — | Not affected | — |
CVE-2022-29804
Medium priorityIncorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
6 affected packages
golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | — | — | — | — | — |
| golang-1.15 | — | — | — | — | — |
| golang-1.17 | — | Not affected | — | — | — |
| golang-1.18 | — | Not affected | Not affected | Not affected | — |
| golang-1.7 | — | — | — | — | — |
| golang-1.8 | — | — | — | Not affected | — |
CVE-2022-28131
Medium priorityUncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
3 affected packages
golang-1.13, golang-1.16, golang-1.18
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.13 | — | Fixed | Fixed | Fixed | Fixed |
| golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
| golang-1.18 | — | Fixed | Fixed | Fixed | Not in release |
CVE-2022-1962
Medium priorityUncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
1 affected packages
golang-1.18
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.18 | — | Fixed | Fixed | Fixed | Not in release |
CVE-2022-1705
Medium priorityAcceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the...
3 affected packages
golang-1.13, golang-1.16, golang-1.18
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.13 | — | Fixed | Fixed | Fixed | Fixed |
| golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
| golang-1.18 | — | Fixed | Fixed | Fixed | Not in release |
CVE-2022-30634
Medium priorityInfinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
6 affected packages
golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | — | — | — | — | — |
| golang-1.15 | — | — | — | — | — |
| golang-1.17 | Not in release | Needs evaluation | — | — | — |
| golang-1.18 | Not in release | Not affected | Not affected | Not affected | Not affected |
| golang-1.7 | — | — | — | — | — |
| golang-1.8 | — | — | — | Needs evaluation | — |
CVE-2022-29526
Medium prioritySome fixes available 6 of 19
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
11 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Not affected | Not affected | Not affected | Not affected |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Fixed | Fixed | Ignored |
| golang-1.17 | Not in release | Needs evaluation | Not in release | Not in release | Ignored |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |