Vulnerabilities > Golang > GO

DATE CVE VULNERABILITY TITLE RISK
2022-09-06 CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
network
low complexity
golang fedoraproject
7.5
2022-08-10 CVE-2022-1705 HTTP Request Smuggling vulnerability in Golang GO
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
network
low complexity
golang CWE-444
6.5
2022-08-10 CVE-2022-1962 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
local
low complexity
golang CWE-674
5.5
2022-08-10 CVE-2022-28131 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
2022-08-10 CVE-2022-29804 Path Traversal vulnerability in Golang GO
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
network
low complexity
golang CWE-22
7.5
2022-08-10 CVE-2022-30580 Code Injection vulnerability in Golang GO
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
local
low complexity
golang CWE-94
7.8
2022-08-10 CVE-2022-30629 Use of Insufficiently Random Values vulnerability in Golang GO
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
network
high complexity
golang CWE-330
3.1
2022-08-10 CVE-2022-30630 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
network
low complexity
golang CWE-674
7.5
2022-08-10 CVE-2022-30631 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
network
low complexity
golang CWE-674
7.5
2022-08-10 CVE-2022-30632 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
network
low complexity
golang CWE-674
7.5