Vulnerabilities > Golang > GO

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-05	CVE-2024-24789	Unspecified vulnerability in Golang GO The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. local low complexity golang	5.5
2024-06-05	CVE-2024-24790	Unspecified vulnerability in Golang GO The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. network low complexity golang critical	9.8
2023-12-06	CVE-2023-39326	Unspecified vulnerability in Golang GO A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. network low complexity golang	5.3
2023-12-06	CVE-2023-45285	Unspecified vulnerability in Golang GO Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. network low complexity golang	7.5
2023-12-05	CVE-2023-45287	Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. network low complexity golang CWE-203	7.5
2023-11-09	CVE-2023-45283	Path Traversal vulnerability in Golang GO The filepath package does not recognize paths with a \??\ prefix as special. network low complexity golang CWE-22	7.5
2023-11-09	CVE-2023-45284	Unspecified vulnerability in Golang GO On Windows, The IsLocal function does not correctly detect reserved device names in some cases. network low complexity golang	5.3
2023-10-11	CVE-2023-39325	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. network low complexity golang fedoraproject netapp CWE-770	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-05	CVE-2023-39323	Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. network high complexity golang fedoraproject	8.1