Search CVE reports

51 – 60 of 69 results

Detailed view

Sort by:

CVE-2022-27664

Medium priority

Some fixes available 15 of 32

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang	—	Not in release	Not in release	Not in release	Ignored
golang-1.10	—	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.13	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.14	—	Not in release	Vulnerable	Not in release	Ignored
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.17	—	Vulnerable	Not in release	Not in release	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.6	—	Not in release	Not in release	Not in release	Vulnerable
golang-1.8	—	Not in release	Not in release	Vulnerable	Ignored
golang-1.9	—	Not in release	Not in release	Vulnerable	Ignored
golang-golang-x-net	Not affected	Vulnerable	Not in release	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
google-guest-agent	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2022-32189

Medium priority

Some fixes available 10 of 19

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

11 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.15	—	—	Not in release	Not in release	Not in release
golang-1.16	Not in release	Not in release	Fixed	Fixed	Ignored
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For...

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Fixed	Fixed	Fixed	Fixed
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30635

Medium priority

Fixed

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Fixed	Fixed	Fixed	Fixed
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30633

Medium priority

Fixed

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses...

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Fixed	Fixed	Fixed	Fixed
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30632

Medium priority

Fixed

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Fixed	Fixed	Fixed	Fixed
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30631

Medium priority

Fixed

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Fixed	Fixed	Fixed	Fixed
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30630

Medium priority

Some fixes available 5 of 7

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.13	—	Not affected	Not affected	Not affected	Not affected
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.18	—	Fixed	Fixed	Fixed	Not in release

CVE-2022-30629

Medium priority

Some fixes available 10 of 13

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

8 affected packages

golang-1.11, golang-1.13, golang-1.15, golang-1.16, golang-1.17...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	—	—	—	—	—
golang-1.13	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.15	—	—	—	—	—
golang-1.16	Not in release	Not in release	Fixed	Fixed	Ignored
golang-1.17	Not in release	Vulnerable	—	—	—
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.7	—	—	—	—	—
golang-1.8	—	—	—	Not affected	—

CVE-2022-30580

Medium priority

Not affected

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	—	—	—	—	—
golang-1.15	—	—	—	—	—
golang-1.17	—	Not affected	—	—	—
golang-1.18	—	Not affected	Not affected	Not affected	—
golang-1.7	—	—	—	—	—
golang-1.8	—	—	—	Not affected	—

Export to JSON

Results by page: