241 matches found
archives 路径遍历漏洞
archives is a cross-platform, multi-format Go library by the individual developer Matt Holt in France. A path traversal vulnerability exists in archives, which stems from a path traversal attack that could lead to arbitrary file overwrites...
CVE-2025-1386- Query smuggling in ch-go library
Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. Patches If you are using ch-go library, we...
GHSA-M454-3XV7-QJ85 CVE-2025-1386- Query smuggling in ch-go library
Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. Patches If you are using ch-go library, we...
SUSE CVE-2025-1386
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386- Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386 Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386 Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386
CVE-2025-1386 concerns the ch-go library from github.com/ClickHouse/ch-go. The issue is a vulnerability in which, under a specific condition where a query includes large, uncompressed external data, an attacker who controls that data can smuggle another query packet into the same connection strea...
PT-2025-16026
Name of the Vulnerable Software and Affected Versions: ch-go library versions prior to 0.65.0 Description: The issue arises when the ch-go library is used under a specific condition where the query includes large, uncompressed malicious external data. This allows an attacker in control of such da...
CVE-2025-32024
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
SUSE CVE-2025-32024
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
SUSE CVE-2025-32025
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
CVE-2025-32025
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
CVE-2025-32025 bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...
CVE-2025-32024
CVE-2025-32024 affects the Go library bep/imagemeta used to read EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP files. The root cause is that EXIF data can define excessively large data structures, enabling a potential denial-of-service when untrusted images are processed prior to v0.10.0....
CVE-2025-32024 bep/imagemeta allows excessively large EXIF data structures
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to...
chainMaker 安全漏洞
chainMaker is a Go library from Go Open Source. A security vulnerability exists in chainMaker versions prior to 2.3.6, which stems from the fact that multiple updates to the configuration may cause concurrent read and write operations to trigger a panic...
chainMaker 安全漏洞
chainMaker is a Go library in the Go open source. A security vulnerability exists in chainMaker versions prior to 2.4.0, which stems from logger.go mishandling concurrent writes to mappings, which can lead to read/write conflicts and crashes...