Vulnerabilities > Golang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-32148 | Unspecified vulnerability in Golang GO Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | 6.5 |
| 2022-08-10 | CVE-2022-32189 | Unspecified vulnerability in Golang GO A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | 7.5 |
| 2022-07-15 | CVE-2022-30634 | Infinite Loop vulnerability in multiple products Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | 7.5 |
| 2022-06-23 | CVE-2022-29526 | Improper Privilege Management vulnerability in multiple products Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. | 5.3 |
| 2022-04-20 | CVE-2022-24675 | Uncontrolled Recursion vulnerability in multiple products encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | 7.5 |
| 2022-04-20 | CVE-2022-27536 | Improper Certificate Validation vulnerability in Golang GO 1.18.0 Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. | 7.5 |
| 2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | 7.5 |
| 2022-03-18 | CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | 7.5 |
| 2022-03-05 | CVE-2022-24921 | Uncontrolled Recursion vulnerability in multiple products regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 |
| 2022-02-11 | CVE-2022-23772 | Integer Overflow or Wraparound vulnerability in multiple products Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | 7.5 |