Search CVE reports
71 – 77 of 77 results
CVE-2021-33198
Low priorityIn Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-33197
Medium priorityIn Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-33196
Medium priorityIn archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-33195
Medium priorityGo before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
5 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
CVE-2021-34558
Medium priorityThe crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS...
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2012-2666
Low prioritygolang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
9 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | — | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | — | Not in release | Not in release | Not affected | Not affected |
| golang-1.13 | — | Not affected | Not affected | Not affected | Not affected |
| golang-1.14 | — | Not in release | Not affected | Not in release | Not in release |
| golang-1.15 | — | — | Not in release | Not in release | Not in release |
| golang-1.16 | — | Not in release | Not affected | Not affected | Ignored |
| golang-1.6 | — | Not in release | Not in release | Not in release | Not affected |
| golang-1.8 | — | Not in release | Not in release | Not affected | Not in release |
| golang-1.9 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2021-31525
Low prioritynet/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.15 | — | — | Not in release | Not in release | Ignored |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
| golang-golang-x-net | Not affected | Not affected | Not in release | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Needs evaluation |