114 matches found

OSV
added 2026/04/23 5:29 p.m. | 2 views

CLSA-2026-1776965343 Fix CVE(s): CVE-2022-29404

SECURITY UPDATE: DoS via unbounded request body in mod_lua - debian/patches/CVE-2022-29404-part1.patch: set AP_DEFAULT_LIMIT_REQ_BODY to 1GB in server/core.c, enforce LimitRequestBody in ap_setup_client_block in modules/http/http_filters.c, remove redundant proxy check in modules/proxy/mod_proxy_http.c. -...

7.5 CVSS | 7.2 AI score | 0.0564 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : golang-1.19.10-1.el9, go-toolset-1.19.10-1.el9 (AXSA:2023-6174:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6174:04 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang: cmd/go: go command may execute arbitrary...

9.8 CVSS | 8.7 AI score | 0.01837 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 10 views

MiracleLinux 7 : httpd24-httpd-2.4.34-23.el7.5 (AXSA:2022-3871:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3871:03 advisory. httpd: mod_sed: Read/write beyond bounds CVE-2022-23943 httpd: Request splitting via HTTP/2 method injection and mod_proxy CVE-2021-33193 httpd: NULL...

9.8 CVSS | 8.5 AI score | 0.99999 EPSS
Exploits: 8 | References: 17

Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 3: go-toolset:rhel8 (TSSA-2023:0177)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0177 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8 CVSS | 7.6 AI score | 0.01837 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/07/01 6:46 p.m. | 4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Code Injection in Golang (CVE-2023-29404)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29404 This bulletin identifies the steps to take to address the vulnerability in Golang. Vulnerability Details CVEID:CVE-2023-29404 DESCRIPTION: The go command may execute arbitrary code at build time when using cgo. This may occur...

9.8 CVSS | 7.6 AI score | 0.01837 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/05/14 12:0 a.m. | 9 views

Alibaba Cloud Linux 3 : 0055: go-toolset:rhel8 (ALINUX3-SA-2023:0055)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0055 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-29402: The go command may generat...

9.8 CVSS | 7.5 AI score | 0.01837 EPSS
Exploits: 0 | References: 5

Circl
added 2025/03/19 7:53 a.m. | 3 views

CVE-2025-29404

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-19 07:53:31+00:00 | seen | https://gist.github.com/bGl1o/dc3c799c7db3b583ce8737c52a830d21... |

7.2 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2023-29404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The go command may execute arbitrary code at build time when using cgo. This may occur when running go get on a malicious module, or when running any other...

9.8 CVSS | 7.3 AI score | 0.01837 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/02/10 12:0 a.m. | 8 views

Azure Linux 3.0 Security Update: golang / msft-golang (CVE-2023-29404)

The version of golang / msft-golang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29404 advisory. - The go command may execute arbitrary code at build time when using cgo. This may occur when...

9.8 CVSS | 7.5 AI score | 0.01837 EPSS
Exploits: 0 | References: 2

Circl
added 2024/12/03 4:50 p.m. | 10 views

CVE-2024-29404

| creationtimestamp | type | source |
|---|---|---|
| 2024-12-03 16:50:23+00:00 | seen | https://infosec.exchange/users/cve/statuses/113589919625048647... |

7.8 CVSS | 7 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

Circl
added 2024/10/15 10:14 a.m. | 16 views

CVE-2022-29404

| creationtimestamp | type | source |
|---|---|---|
| 2024-10-15 10:14:15+00:00 | seen | Telegram/HfSunJuoYNfbsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ |
| 2025-05-13 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-01... |

7.5 CVSS | 8.2 AI score | 0.0564 EPSS
Exploits: 0 | References: 1

CBLMariner
added 2024/08/14 8:43 p.m. | 19 views

CVE-2023-29404 affecting package golang for versions less than 1.22.7-2

CVE-2023-29404 affecting package golang for versions less than 1.22.7-2. An upgraded version of the package is available that resolves this issue...

9.8 CVSS | 9.7 AI score | 0.01837 EPSS
Exploits: 0

RedHat Linux
added 2024/06/26 9:22 a.m. | 53 views

Important: Red Hat Security Advisory: Updated rhceph-5.3 container image and security update

Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.3 AI score | 0.01837 EPSS
Exploits: 0 | References: 14

Tenable Nessus
added 2024/04/17 12:0 a.m. | 60 views

Apache 2.4.x < 2.4.54 Multiple Vulnerabilities (mod_lua)

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory. - Denial of service in mod_lua r:parsebody: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that...

7.5 CVSS | 8 AI score | 0.0564 EPSS
Exploits: 0 | References: 3

CBLMariner
added 2024/02/25 3:0 a.m. | 34 views

CVE-2023-29404 affecting package golang for versions less than 1.21.6-1

CVE-2023-29404 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

9.8 CVSS | 9.1 AI score | 0.01837 EPSS
Exploits: 0

CBLMariner
added 2024/02/25 3:0 a.m. | 15 views

CVE-2023-29404 affecting package golang for versions less than 1.21.6-1

CVE-2023-29404 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...

9.8 CVSS | 9.8 AI score | 0.01837 EPSS
Exploits: 0

Tenable Nessus
added 2024/01/16 12:0 a.m. | 29 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2786)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...

9.8 CVSS | 7.5 AI score | 0.02081 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2023/12/27 12:0 a.m. | 89 views

Oracle TimesTen 18.x < 18.1.4.39.0, 22.x < 22.1.1.18.0 Multiple Vulnerabilities (October 2023 CPU)

The version of Oracle TimesTen installed on the remote host is 18.x prior to 18.1.4.39.0 or 22.x prior to 22.1.1.18.0. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory: - Security-in-Depth issue in the TimesTen In-Memory Database product of...

9.8 CVSS | 6.8 AI score | 0.02459 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2023/11/07 12:0 a.m. | 66 views

Rocky Linux 8 : httpd:2.4 (RLSA-2022:7647)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7647 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Serve...

9.8 CVSS | 8 AI score | 0.90407 EPSS
Exploits: 2 | References: 21

IBM Security Bulletins
added 2023/10/19 4:28 p.m. | 47 views

Security Bulletin: IBM Rational Build Forge is vulnerable to a denial of service due to the use of Apache HTTP server (CVE-2022-29404).

Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54 Vulnerability Details CVEID:CVE-2022-29404 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by no default limit on possible input size. By sending a specially...

7.5 CVSS | 8.4 AI score | 0.0564 EPSS
Exploits: 0 | Affected Software: 1