Vulnerabilities > Golang > GO > 1.16.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-23 | CVE-2022-29526 | Improper Privilege Management vulnerability in multiple products Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. | 5.3 |
| 2022-04-20 | CVE-2022-24675 | Uncontrolled Recursion vulnerability in multiple products encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | 7.5 |
| 2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | 7.5 |
| 2022-03-05 | CVE-2022-24921 | Uncontrolled Recursion vulnerability in multiple products regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 |
| 2022-02-11 | CVE-2022-23772 | Integer Overflow or Wraparound vulnerability in multiple products Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | 7.5 |
| 2022-02-11 | CVE-2022-23773 | Interpretation Conflict vulnerability in multiple products cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. | 7.5 |
| 2022-02-11 | CVE-2022-23806 | Unchecked Return Value vulnerability in multiple products Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 9.1 |
| 2022-01-01 | CVE-2021-44716 | Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | 7.5 |
| 2022-01-01 | CVE-2021-44717 | Improper Resource Shutdown or Release vulnerability in multiple products Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | 4.8 |
| 2021-08-07 | CVE-2021-29923 | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. | 7.5 |