Vulnerabilities > Golang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-24789 | Unspecified vulnerability in Golang GO The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. | 5.5 |
| 2024-06-05 | CVE-2024-24790 | Unspecified vulnerability in Golang GO The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | 9.8 |
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
| 2023-12-06 | CVE-2023-39326 | Unspecified vulnerability in Golang GO A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. | 5.3 |
| 2023-12-06 | CVE-2023-45285 | Unspecified vulnerability in Golang GO Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. | 7.5 |
| 2023-12-05 | CVE-2023-45287 | Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. | 7.5 |
| 2023-11-09 | CVE-2023-45283 | Path Traversal vulnerability in Golang GO The filepath package does not recognize paths with a \??\ prefix as special. | 7.5 |
| 2023-11-09 | CVE-2023-45284 | Unspecified vulnerability in Golang GO On Windows, The IsLocal function does not correctly detect reserved device names in some cases. | 5.3 |
| 2023-10-11 | CVE-2023-39325 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. | 7.5 |
| 2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |