285 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-29511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allow...
Linux Distros Unpatched Vulnerability : CVE-2020-14040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
[SECURITY] Fedora 40 Update: golang-1.22.11-1.fc40
The Go Programming Language...
ROS-20250128-03
A vulnerability in the Go programming language is related to the fact that the application does not properly control the consumption of internal resources in several Parse functions. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...
[SECURITY] Fedora 41 Update: golang-1.23.5-1.fc41
The Go Programming Language...
PT-2025-42736
Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description The net/url package does not properly validate bracketed IPv6 hostnames. This can lead to issues when parsing URLs containing IPv6 addresses enclosed in brackets. Recommendations Update to ...
The vulnerability of the Curve.IsOnCurve component in the Golang programming language, which allows a malicious actor to influence the accessibility and integrity of the resource.
The vulnerability of the Curve.IsOnCurve component in the Golang programming language is related to incorrect checking of the returned value by a method or function. Exploiting this vulnerability can allow an attacker to influence the accessibility and integrity of a resource...
SUSE-SU-2024:4010-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency bsc1213933 - Other changes and issues fixed: Delete unpackaged debug files for RHEL Do not include source files in the package for RHEL 9...
ROS-20241112-03
Vulnerability of the JWE, JWS, JWT go-jose standards set implementation package for Go programming language is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service Vulnerability of...
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...
golang: net: malformed DNS message can cause infinite loop
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...
RLSA-2024:7502 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
USN-7081-1: Go vulnerabilities
It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. CVE-2024-24791 It was discovered that the Go parser module did not...
The vulnerability in the Go programming language’s html/template package allows attackers to execute XSS attacks.
The vulnerability of the Go programming language’s html/template package is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...
ROS-20241001-10
A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...
go-toolset:rhel8 security update
An update is available for module.go-toolset, go-toolset, delve, golang, module.golang, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
net/http: Denial of service due to improper 100-continue handling in net/http
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...
ROS-20240923-06
Vulnerability of net/http and net/http2 libraries of Go programming language in terms of implementation of the HTTP/2 protocol is related to uncontrolled resource consumption as a result of incorrect determination of the termination of HTTP/2 is related to uncontrolled resource consumption as a...