Search CVE reports
1 – 10 of 60 results
[crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain]
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
[cmd/go: unexpected code execution when invoking toolchain]
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
[cmd/go: bypass of flag sanitization can lead to arbitrary code execution]
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
[crypto/tls: handshake messages may be processed at the incorrect encryption level]
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
[archive/zip: denial of service when parsing arbitrary ZIP archives]
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
[net/http: memory exhaustion in Request.ParseForm]
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client), which is not escaped.
16 affected packages
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | — | Needs evaluation |
| golang-1.10 | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Not in release | Not in release | — | — |
| golang-1.25 | Not in release | Not in release | — | — |