Search CVE reports
1 – 10 of 11 results
CVE-2020-14039
Medium priorityIn Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate...
10 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | — | — | Not in release | Not in release | Not in release |
golang-1.10 | — | — | Not in release | Not affected | Not affected |
golang-1.11 | — | — | Not in release | Not in release | Not in release |
golang-1.12 | — | — | Not in release | Not in release | Not in release |
golang-1.13 | — | — | Not affected | Not affected | Not affected |
golang-1.14 | — | — | Not affected | Not in release | Not in release |
golang-1.15 | — | — | Not in release | Not in release | Not in release |
golang-1.6 | — | — | Not in release | Not in release | Not affected |
golang-1.8 | — | — | Not in release | Not affected | Not in release |
golang-1.9 | — | — | Not in release | Not affected | Not in release |
CVE-2020-7919
Medium prioritySome fixes available 3 of 12
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
9 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.13 | Not in release | Not affected | Not affected | Vulnerable | Vulnerable |
golang-1.14 | Not in release | Not in release | Fixed | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
golang-1.8 | Not in release | Not in release | Not in release | Not affected | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2019-17596
Medium prioritySome fixes available 8 of 19
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies...
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
CVE-2019-16276
Medium priorityGo before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
9 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.13 | Not in release | Not affected | Not affected | Not affected | Not affected |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
CVE-2019-14809
Medium prioritynet/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor...
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
CVE-2019-9514
Medium prioritySome fixes available 13 of 77
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9512
Medium prioritySome fixes available 13 of 42
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-11888
Medium priorityGo through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | — | — | — | Not in release | Not in release |
golang-1.10 | — | — | — | Not affected | Not affected |
golang-1.11 | — | — | — | Not in release | Not in release |
golang-1.12 | — | — | — | Not in release | Not in release |
golang-1.6 | — | — | — | Not in release | Not affected |
golang-1.7 | — | — | — | Not in release | Not in release |
golang-1.8 | — | — | — | Not affected | Not in release |
golang-1.9 | — | — | — | Not affected | Not in release |
CVE-2019-9741
Medium priorityAn issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
CVE-2019-9634
Low priorityGo through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | — | — | — | Not in release | Not in release |
golang-1.10 | — | — | — | Not affected | Not affected |
golang-1.11 | — | — | — | Not in release | Not in release |
golang-1.12 | — | — | — | Not in release | Not in release |
golang-1.6 | — | — | — | Not in release | Not affected |
golang-1.7 | — | — | — | Not in release | Not in release |
golang-1.8 | — | — | — | Not affected | Not in release |
golang-1.9 | — | — | — | Not affected | Not in release |