Vulnerabilities > Golang > GO > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-30632 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
network
low complexity
golang CWE-674
7.5
2022-08-10 CVE-2022-30633 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
network
low complexity
golang CWE-674
7.5
2022-08-10 CVE-2022-30635 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
network
low complexity
golang CWE-674
7.5
2022-08-10 CVE-2022-32189 Unspecified vulnerability in Golang GO
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
network
low complexity
golang
7.5
2022-07-15 CVE-2022-30634 Infinite Loop vulnerability in multiple products
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
network
low complexity
golang netapp CWE-835
7.5
2022-04-20 CVE-2022-24675 Uncontrolled Recursion vulnerability in multiple products
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
2022-04-20 CVE-2022-27536 Improper Certificate Validation vulnerability in Golang GO 1.18.0
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates.
network
low complexity
golang CWE-295
7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang fedoraproject
7.5
2022-03-05 CVE-2022-24921 Uncontrolled Recursion vulnerability in multiple products
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
network
low complexity
golang netapp debian CWE-674
7.5
2022-02-11 CVE-2022-23772 Integer Overflow or Wraparound vulnerability in multiple products
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
network
low complexity
golang netapp debian CWE-190
7.5