Lucene search
+L

4 matches found

Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.12 views

PT-2025-42738

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.24.9-alt1 OpenTofu versions =2.10.0 Description The issue is a memory exhaustion flaw in the encoding/asn1 package of the Go programming language. The code pre-allocates memory based on fields within a DER structure befo...

9.8CVSS7.3AI score0.00526EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-42739

Name of the Vulnerable Software and Affected Versions golang versions 1.15 and 1.19 Description A flaw exists in the cookie parsing functionality of the net/http package. An absence of limits during cookie parsing can lead to excessive memory consumption, potentially resulting in memory exhaustio...

8.7CVSS6.7AI score0.00656EPSS
Exploits0References418
OSV
OSV
added 2021/05/27 1:15 p.m.5 views

UBUNTU-CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

5.9CVSS6.9AI score0.03692EPSS
Exploits0References2
OSV
OSV
added 2020/12/14 8:15 p.m.4 views

DEBIAN-CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

5.6CVSS7.3AI score0.02047EPSS
Exploits0References1
Rows per page
Query Builder