Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2022-10-14 CVE-2022-41715 Unspecified vulnerability in Golang GO
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service.
network
low complexity
golang
7.5
2022-10-14 CVE-2022-2879 Allocation of Resources Without Limits or Throttling vulnerability in Golang GO
Reader.Read does not set a limit on the maximum size of file headers.
network
low complexity
golang CWE-770
7.5
2022-10-14 CVE-2022-2880 HTTP Request Smuggling vulnerability in Golang GO
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http.
network
low complexity
golang CWE-444
7.5
2022-10-14 CVE-2022-32149 Missing Release of Resource after Effective Lifetime vulnerability in Golang Text
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
network
low complexity
golang CWE-772
7.5
2022-09-13 CVE-2022-32190 Path Traversal vulnerability in Golang GO 1.19.0
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path.
network
low complexity
golang CWE-22
7.5
2022-09-06 CVE-2021-43565 Unspecified vulnerability in Golang SSH
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
network
low complexity
golang
7.5
2022-09-06 CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
network
low complexity
golang fedoraproject
7.5
2022-08-10 CVE-2022-1705 HTTP Request Smuggling vulnerability in Golang GO
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
network
low complexity
golang CWE-444
6.5
2022-08-10 CVE-2022-1962 Uncontrolled Recursion vulnerability in Golang GO
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
local
low complexity
golang CWE-674
5.5
2022-08-10 CVE-2022-28131 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
network
low complexity
golang fedoraproject netapp CWE-674
7.5