Search CVE reports

51 – 60 of 62 results

Detailed view

Sort by:

CVE-2022-29526

Medium priority

Some fixes available 6 of 19

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

11 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Not affected	Not affected	Not affected	Not affected
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.15	—	—	Not in release	Not in release	Not in release
golang-1.16	Not in release	Not in release	Fixed	Fixed	Ignored
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2022-28327

Medium priority

Some fixes available 4 of 6

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

2 affected packages

golang-1.17, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

2 affected packages

golang-1.17, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.17	—	Not affected	—	—	Ignored
golang-1.18	—	Not affected	Not affected	Not affected	Ignored

CVE-2022-24675

Medium priority

Some fixes available 4 of 6

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

2 affected packages

golang-1.17, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed

CVE-2022-24921

Low priority

Needs evaluation

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

9 affected packages

golang-1.10, golang-1.13, golang-1.14, golang-1.15, golang-1.16...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.10	—	—	—	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	—	—	Needs evaluation	—	Ignored
golang-1.15	—	—	—	—	Ignored
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.6	—	—	—	—	Needs evaluation
golang-1.8	—	—	—	Needs evaluation	Ignored
golang-1.9	—	—	—	Needs evaluation	Ignored

CVE-2022-23773

Medium priority

Needs evaluation

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

10 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.15	—	—	Not in release	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Ignored
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2022-23772

Medium priority

Needs evaluation

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

10 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.15	—	—	Not in release	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Ignored
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

CVE-2021-39293

Medium priority

Needs evaluation

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete...

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.15	—	—	Not in release	Not in release	Ignored
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Not affected	Not in release	Not in release	Ignored
golang-1.7	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Ignored

CVE-2021-44717

Medium priority

Vulnerable

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

5 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.15	—	—	Not in release	Not in release	Ignored
golang-1.17	Not in release	Vulnerable	Not in release	Not in release	Ignored
golang-1.7	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.8	Not in release	Not in release	Not in release	Vulnerable	Ignored

CVE-2021-44716

Medium priority

Some fixes available 5 of 21

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.15	—	—	Not in release	Not in release	Ignored
golang-1.17	Not in release	Vulnerable	Not in release	Not in release	Ignored
golang-1.7	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.8	Not in release	Not in release	Not in release	Vulnerable	Ignored
golang-golang-x-net	Not affected	Not affected	Not in release	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable	Needs evaluation
google-guest-agent	Fixed	Fixed	Fixed	Vulnerable	Vulnerable

Export to JSON

Results by page: