Vulnerabilities > Golang > GO

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-39320 Code Injection vulnerability in Golang GO 1.21.0/1.21.00
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module.
network
low complexity
golang CWE-94
critical
9.8
2023-09-08 CVE-2023-39321 Unspecified vulnerability in Golang GO 1.21.0/1.21.00
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
network
low complexity
golang
7.5
2023-09-08 CVE-2023-39322 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO 1.21.0/1.21.00
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.
network
low complexity
golang CWE-770
7.5
2023-08-02 CVE-2023-29409 Resource Exhaustion vulnerability in Golang GO
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures.
network
low complexity
golang CWE-400
5.3
2023-07-11 CVE-2023-29406 Interpretation Conflict vulnerability in Golang GO
The HTTP/1 client does not fully validate the contents of the Host header.
network
low complexity
golang CWE-436
6.5
2023-06-08 CVE-2023-29402 Code Injection vulnerability in multiple products
The go command may generate unexpected code at build time when using cgo.
network
low complexity
golang fedoraproject CWE-94
critical
9.8
2023-06-08 CVE-2023-29403 Exposure of Resource to Wrong Sphere vulnerability in multiple products
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits.
local
low complexity
golang fedoraproject CWE-668
7.8
2023-06-08 CVE-2023-29404 Code Injection vulnerability in multiple products
The go command may execute arbitrary code at build time when using cgo.
network
low complexity
golang fedoraproject CWE-94
critical
9.8
2023-06-08 CVE-2023-29405 Injection vulnerability in multiple products
The go command may execute arbitrary code at build time when using cgo.
network
low complexity
golang fedoraproject CWE-74
critical
9.8
2023-05-11 CVE-2023-24539 Injection vulnerability in Golang GO
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.
network
low complexity
golang CWE-74
7.3