UBUNTU-CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

Uncontrolled Resource Consumption

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

[SECURITY] Fedora 35 Update: golang-1.16.12-1.fc35

The Go Programming Language...

golang: crypto/elliptic: incorrect operations on the P-224 curve

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity...

CVE-2021-41772

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...

CVE-2021-41771

ImportedSymbols in debug/macho for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation...

Clash - A Rule-Based Tunnel In Go

Clash A rule-based tunnel in Go. Features Local HTTP/HTTPS/SOCKS server with authentication support VMess, Shadowsocks, Trojan, Snell protocol support for remote connections Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP. Rules based o...

Security update for go1.17 (moderate)

openSUSE Security Update: Security update for go1.17 Announcement ID: openSUSE-SU-2021:3488-1 Rating: moderate References: 1190649 1191468 Cross-References: CVE-2021-38297 CVSS scores: CVE-2021-38297 SUSE: 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 An...

OPENSUSE-SU-2021:1342-1 Security update for go1.16

This update for go1.16 fixes the following issues: - Update to go 1.16.8 - CVE-2021-39293: Fixed a buffer overflow issue in preallocation check that can cause OOM panic. bas This update was imported from the SUSE:SLE-15:Update update project...

Fedora: Security Advisory for golang (FEDORA-2021-e71b05ba7b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: golang-1.16.8-1.fc34

The Go Programming Language...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RLSA-2021:3585 Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-29923 For more details about the security issues, including the...

[SECURITY] Fedora 33 Update: golang-1.15.15-1.fc33

The Go Programming Language...

RHEL 7 : go-toolset-1.15-golang (RHSA-2021:3431)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3431 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net:...

golang: archive/zip: malformed archive may cause panic or memory exhaustion

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...

DEBIAN-CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...