286 matches found
RLSA-2023:0328 Moderate: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputi...
[SECURITY] Fedora 37 Update: golang-1.19.4-1.fc37
The Go Programming Language...
A New GoLang Botnet named GoTrim BruteForcing multiple CMS
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new GoTrim botnet has been scanning and brute-forcing on the four Content Management Systems WordPress, DataLife Engine, Joomla!, and OpenCart websites. GoTrim botnet is written in Go Programming...
CVE-2022-41920 Zip slip in Lancet
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
CVE-2022-41920 Zip slip in Lancet
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
CVE-2022-41920
Lancet’s Go library (github.com/duke-git/lancet) contains a ZipSlip vulnerability in the fileutil UnZip path when unzipping archives. Affected versions are vulnerable; the issue is addressed with fixes in Lancet v2.1.10 and v1.3.4. Upgrading to these versions or newer is advised. No explicit work...
USN-5725-1 golang-1.13 vulnerability
Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service...
USN-5725-1: Go vulnerability
Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service...
[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37
The Go Programming Language...
Fedora: Security Advisory for golang (FEDORA-2022-67ec8c61d0)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36
The Go Programming Language...
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
The vulnerability of the Go programming language’s compress/gzip package, which allows a hacker to trigger a service failure
The vulnerability of the Go programming language’s compress/gzip package is related to unmanaged recursion. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
.jpg The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control C2 infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-Ju...
AZL-10539 CVE-2022-32189 affecting package golang for versions less than 1.18.5-1
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...
AZL-79116 CVE-2022-1705 affecting package golang 1.25.7-1
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...
Important: Red Hat Security Advisory: go-toolset and golang security and bug fix update
An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2022:5775 Important: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stac...
Fedora: Security Advisory for golang-github-gojuno-minimock (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...