Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-06 CVE-2023-39326 Unspecified vulnerability in Golang GO
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body.
network
low complexity
golang
5.3
2023-12-06 CVE-2023-45285 Unspecified vulnerability in Golang GO
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module.
network
low complexity
golang
7.5
2023-12-05 CVE-2023-45287 Information Exposure Through Discrepancy vulnerability in Golang GO
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time.
network
low complexity
golang CWE-203
7.5
2023-11-09 CVE-2023-45283 Path Traversal vulnerability in Golang GO
The filepath package does not recognize paths with a \??\ prefix as special.
network
low complexity
golang CWE-22
7.5
2023-11-09 CVE-2023-45284 Unspecified vulnerability in Golang GO
On Windows, The IsLocal function does not correctly detect reserved device names in some cases.
network
low complexity
golang
5.3
2023-10-11 CVE-2023-39325 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption.
network
low complexity
golang fedoraproject netapp CWE-770
7.5
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2023-10-05 CVE-2023-39323 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation.
network
high complexity
golang fedoraproject
8.1
2023-09-08 CVE-2023-39318 Cross-site Scripting vulnerability in Golang GO
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts.
network
low complexity
golang CWE-79
6.1