Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2023-04-06 CVE-2023-24534 Resource Exhaustion vulnerability in Golang GO
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service.
network
low complexity
golang CWE-400
7.5
2023-04-06 CVE-2023-24536 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts.
network
low complexity
golang CWE-770
7.5
2023-03-08 CVE-2023-24532 Incorrect Calculation vulnerability in Golang GO
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve).
network
low complexity
golang CWE-682
5.3
2023-02-28 CVE-2022-41722 Path Traversal vulnerability in Golang GO
A path traversal vulnerability exists in filepath.Clean on Windows.
network
low complexity
golang CWE-22
7.5
2023-02-28 CVE-2022-41723 Unspecified vulnerability in Golang GO
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
network
low complexity
golang
7.5
2023-02-28 CVE-2022-41724 Resource Exhaustion vulnerability in Golang GO
Large handshake records may cause panics in crypto/tls.
network
low complexity
golang CWE-400
7.5
2023-02-28 CVE-2022-41725 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO
A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
network
low complexity
golang CWE-770
7.5
2023-02-28 CVE-2022-41727 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig.
local
low complexity
golang fedoraproject CWE-770
5.5
2023-01-13 CVE-2022-41721 HTTP Request Smuggling vulnerability in Golang H2C
A request smuggling attack is possible when using MaxBytesHandler.
network
low complexity
golang CWE-444
7.5
2022-12-26 CVE-2021-38561 Out-of-bounds Read vulnerability in Golang Text
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing.
network
low complexity
golang CWE-125
7.5