Vulnerabilities > Golang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-24675 | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | 5.0 |
| 2022-04-20 | CVE-2022-27536 | Improper Certificate Validation vulnerability in Golang GO Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. | 5.0 |
| 2022-04-20 | CVE-2022-28327 | Unspecified vulnerability in Golang GO The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | 5.0 |
| 2022-03-18 | CVE-2022-27191 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | 4.3 |
| 2022-03-05 | CVE-2022-24921 | Resource Exhaustion vulnerability in multiple products regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 5.0 |
| 2022-02-11 | CVE-2022-23772 | Integer Overflow or Wraparound vulnerability in multiple products Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | 7.8 |
| 2022-02-11 | CVE-2022-23773 | Incorrect Authorization vulnerability in multiple products cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. | 5.0 |
| 2022-02-11 | CVE-2022-23806 | Unchecked Return Value vulnerability in multiple products Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 6.4 |
| 2022-01-24 | CVE-2021-39293 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. | 5.0 |
| 2022-01-01 | CVE-2021-44716 | Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | 5.0 |