Vulnerabilities > Golang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2021-39293 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. | 5.0 |
| 2022-01-01 | CVE-2021-44716 | Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | 7.5 |
| 2022-01-01 | CVE-2021-44717 | Improper Resource Shutdown or Release vulnerability in multiple products Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | 4.8 |
| 2021-11-08 | CVE-2021-41771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | 7.5 |
| 2021-11-08 | CVE-2021-41772 | Improper Input Validation vulnerability in multiple products Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | 7.5 |
| 2021-10-18 | CVE-2021-38297 | Classic Buffer Overflow vulnerability in multiple products Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | 9.8 |
| 2021-08-08 | CVE-2021-36221 | Race Condition vulnerability in multiple products Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | 5.9 |
| 2021-08-07 | CVE-2021-29923 | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. | 7.5 |
| 2021-08-02 | CVE-2021-33195 | Injection vulnerability in multiple products Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | 7.5 |
| 2021-08-02 | CVE-2021-33196 | Improper Input Validation vulnerability in multiple products In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | 7.5 |