Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-24675 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang CWE-770
5.0
2022-04-20 CVE-2022-27536 Improper Certificate Validation vulnerability in Golang GO
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates.
network
low complexity
golang CWE-295
5.0
2022-04-20 CVE-2022-28327 Unspecified vulnerability in Golang GO
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang
5.0
2022-03-18 CVE-2022-27191 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
4.3
2022-03-05 CVE-2022-24921 Resource Exhaustion vulnerability in multiple products
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
network
low complexity
golang netapp debian CWE-400
5.0
2022-02-11 CVE-2022-23772 Integer Overflow or Wraparound vulnerability in multiple products
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
network
low complexity
golang netapp debian CWE-190
7.8
2022-02-11 CVE-2022-23773 Incorrect Authorization vulnerability in multiple products
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags.
network
low complexity
golang netapp CWE-863
5.0
2022-02-11 CVE-2022-23806 Unchecked Return Value vulnerability in multiple products
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
network
low complexity
golang netapp debian CWE-252
6.4
2022-01-24 CVE-2021-39293 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic.
network
low complexity
golang netapp CWE-770
5.0
2022-01-01 CVE-2021-44716 Resource Exhaustion vulnerability in multiple products
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
network
low complexity
golang debian netapp CWE-400
5.0