Search CVE reports
1 – 10 of 21 results
CVE-2025-22866
Medium priorityDue to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do...
15 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Needs evaluation | Not in release | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Not in release | — | — |
| golang-1.24 | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-45341
Medium priorityA certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only...
18 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Needs evaluation | Not in release | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Not in release | — | — |
| golang-1.24 | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lxd | Not in release | Not in release | Not affected | Needs evaluation | Needs evaluation |
| snapd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45336
Medium priorityThe HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event...
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Not in release |
| golang-1.17 | Not in release | Needs evaluation | Not in release | Not in release | Not in release |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Not in release | — | — |
| golang-1.24 | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2025-22865
Medium priorityUsing ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
15 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Needs evaluation | Not in release | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Not in release | — | — |
| golang-1.24 | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-45340
Medium priorityCredentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected...
15 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Needs evaluation | Not in release | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Not in release | — | — |
| golang-1.24 | Not in release | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-34158
Medium prioritySome fixes available 8 of 26
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Fixed | Not in release | — | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | — | — |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Fixed | Fixed | Fixed | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-34156
Medium prioritySome fixes available 8 of 26
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Fixed | Not in release | — | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | — | — |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Fixed | Fixed | Fixed | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-34155
Medium prioritySome fixes available 8 of 26
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Fixed | Not in release | — | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | — | — |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Fixed | Fixed | Fixed | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-24791
Medium prioritySome fixes available 8 of 29
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an...
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Fixed | Not in release | — | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | — | — |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Fixed | Fixed | Fixed | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2023-24531
Medium prioritySome fixes available 5 of 26
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing...
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.17 | Not in release | Fixed | Not in release | — | — |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | — | — |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.22 | Not affected | Not affected | Not affected | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | — |