Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 28 results


CVE-2022-30629

Medium priority

Some fixes available 10 of 13

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

8 affected packages

golang-1.11, golang-1.13, golang-1.15, golang-1.16, golang-1.17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.15
golang-1.16 Not in release Not in release Fixed Fixed Ignored
golang-1.17 Not in release Vulnerable
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.7
golang-1.8 Not affected
Show all 8 packages Show less packages

CVE-2022-30580

Medium priority
Not affected

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-29804

Medium priority
Ignored

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-30634

Medium priority
Needs evaluation

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Not affected Not affected Not affected Not affected
golang-1.7
golang-1.8 Needs evaluation
Show less packages

CVE-2021-39293

Medium priority
Needs evaluation

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete...

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Not affected Not in release Not in release Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Needs evaluation Ignored
Show less packages

CVE-2021-44717

Medium priority
Vulnerable

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

5 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.17 Not in release Vulnerable Not in release Not in release Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Vulnerable Ignored
Show less packages

CVE-2021-44716

Medium priority

Some fixes available 5 of 21

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.17 Not in release Vulnerable Not in release Not in release Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Vulnerable Ignored
golang-golang-x-net Not affected Not affected Not in release Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable Needs evaluation
google-guest-agent Fixed Fixed Fixed Vulnerable Vulnerable
Show all 8 packages Show less packages

CVE-2021-41772

Medium priority
Needs evaluation

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Ignored
golang-1.15 Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Needs evaluation Ignored
golang-1.7 Ignored
golang-1.8 Needs evaluation Ignored
Show less packages

CVE-2021-41771

Low priority
Needs evaluation

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Ignored
golang-1.15 Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Needs evaluation Ignored
golang-1.7 Ignored
golang-1.8 Needs evaluation Ignored
Show less packages

CVE-2021-33198

Low priority
Needs evaluation

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

5 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Needs evaluation Ignored
Show less packages