Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-33197 Missing Authorization vulnerability in Golang GO
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
network
golang CWE-862
4.3
2021-08-02 CVE-2021-33198 Unspecified vulnerability in Golang GO
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
network
low complexity
golang
5.0
2021-07-15 CVE-2021-34558 Improper Certificate Validation vulnerability in multiple products
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
network
low complexity
golang fedoraproject netapp oracle CWE-295
6.5
2021-07-09 CVE-2012-2666 Insecure Temporary File vulnerability in Golang GO 1.0.2
golang/go in 1.0.2 fixes all.bash on shared machines.
network
low complexity
golang CWE-377
7.5
2021-05-27 CVE-2021-31525 Uncontrolled Recursion vulnerability in multiple products
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse.
network
high complexity
golang fedoraproject CWE-674
5.9
2021-05-26 CVE-2021-33194 Infinite Loop vulnerability in multiple products
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
network
low complexity
golang fedoraproject CWE-835
7.5
2021-03-11 CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
local
low complexity
golang fedoraproject
5.5
2021-03-11 CVE-2021-27918 Infinite Loop vulnerability in Golang GO
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element.
network
low complexity
golang CWE-835
7.5
2021-01-26 CVE-2021-3115 Uncontrolled Search Path Element vulnerability in multiple products
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
network
high complexity
golang fedoraproject netapp CWE-427
7.5
2021-01-26 CVE-2021-3114 Incorrect Calculation vulnerability in multiple products
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
network
low complexity
golang fedoraproject debian netapp CWE-682
6.5