Vulnerabilities > Golang > GO
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2015-5739 | HTTP Request Smuggling vulnerability in multiple products The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." | 9.8 |
| 2017-10-05 | CVE-2017-15042 | Cleartext Transmission of Sensitive Information vulnerability in Golang GO An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. | 5.9 |
| 2017-10-05 | CVE-2017-15041 | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. | 9.8 |
| 2017-10-05 | CVE-2017-1000098 | Uncontrolled File Descriptor Consumption vulnerability in Golang GO The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. | 7.5 |
| 2017-10-05 | CVE-2017-1000097 | Improper Certificate Validation vulnerability in Golang GO On Darwin, user's trust preferences for root certificates were not honored. | 7.5 |
| 2017-07-06 | CVE-2017-8932 | Incorrect Calculation vulnerability in multiple products A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. | 5.9 |
| 2016-07-19 | CVE-2016-5386 | Improper Access Control vulnerability in multiple products The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 8.1 |
| 2016-05-23 | CVE-2016-3959 | Improper Input Validation vulnerability in multiple products The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. | 7.5 |
| 2016-05-23 | CVE-2016-3958 | Permissions, Privileges, and Access Controls vulnerability in Golang GO Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. | 7.8 |
| 2016-01-27 | CVE-2015-8618 | Information Exposure vulnerability in multiple products The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. | 7.5 |