Lucene search

K
redhatRedHatRHSA-2024:3259
HistoryMay 22, 2024 - 10:41 a.m.

(RHSA-2024:3259) Important: go-toolset:rhel8 security update

2024-05-2210:41:22
access.redhat.com
9
go programming language
net/http vulnerability
x/net/http2
cookiejar vulnerability
request.parsemultipartform
crypto/x509
net/mail vulnerability
html/template vulnerability

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

  • golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)

  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

  • golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)

  • golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.