1115 matches found

IBM Security Bulletins
added 2023/04/17 6:3 p.m. · 44 views

Security Bulletin: Golang Go vulnerability

Summary: Golang Go is vulnerable to a denial of service. Vulnerability Details: CVEID: CVE-2022-27664. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a closin...

CVSS 7.5 · AI score 7.5 · EPSS 0.02513
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2023/04/11 12:0 a.m. · 2 views

PT-2023-6430 · Adobe · Acrobat Reader +1

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 23.001.20093 and earlier; Adobe Acrobat Reader versions 20.005.30441 and earlier; Adobe Acrobat 2020; Adobe Acrobat Reader 2020. Description: The issue is related to improper input validation, which could result in...

CVSS 7.8 · AI score 7.7 · EPSS 0.04305
Exploits: 0 · References: 7
Positive Technologies
added 2023/04/11 12:0 a.m. · 3 views

PT-2023-6431 · Adobe · Acrobat Reader +3

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 23.001.20093 and earlier; Adobe Acrobat Reader versions 20.005.30441 and earlier; Adobe Acrobat 2020; Adobe Acrobat Reader 2020; Adobe Acrobat Document Cloud; Adobe Acrobat Reader Document Cloud. Description: The issue...

CVSS 7.8 · AI score 7.6 · EPSS 0.04182
Exploits: 0 · References: 9
BDU FSTEC
added 2023/04/11 12:0 a.m. · 2 views

The vulnerabilities of the net/http and mime/multipart libraries used in the GoLang-based application software of the PPEO “Avora Center” allow attackers to perform a type of attack known as “denial-of-service attack”.

The vulnerability of the net/http and mime/multipart libraries used in the GoLang-based application software for the PPEO “Avora Center” involves uncontrolled resource consumption under certain input conditions. Exploiting this vulnerability could allow a remote attacker to execute a type of atta...

CVSS 7.5 · AI score 7 · EPSS 0.01231
Exploits: 0 · References: 9 · Affected Software: 23
OSV
added 2023/04/06 4:15 p.m. · 23 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 7.7
Exploits: 0 · References: 8
UbuntuCve
added 2023/04/06 4:15 p.m. · 43 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 6.7 · EPSS 0.01466
Exploits: 0 · References: 7
Cvelist
added 2023/04/06 3:50 p.m. · 26 views

CVE-2023-24534 Excessive memory allocation in net/http and net/textproto

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

AI score 8.7 · EPSS 0.01888
Exploits: 0 · References: 6
Cvelist
added 2023/04/06 3:50 p.m. · 24 views

CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

AI score 8.8 · EPSS 0.01466
Exploits: 0 · References: 8
CVE
added 2023/04/06 3:50 p.m. · 679 views

CVE-2023-24536

CVE-2023-24536 affects Go’s mime/multipart and related net/http form parsing. The issue stems from memory accounting and allocations when processing multipart forms, enabling potential denial of service through high CPU/memory usage. The fix improves memory estimation in ReadForm and enforces lim...

CVSS 7.5 · AI score 8.8 · EPSS 0.01466
Exploits: 0 · References: 8 · Affected Software: 1
Debian CVE
added 2023/04/06 3:50 p.m. · 40 views

CVE-2023-24536

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 6.5 · EPSS 0.01466
Exploits: 0
OSV
added 2023/04/05 9:4 p.m. · 32 views

GO-2023-1705 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVSS 7.5 · AI score 8.7 · EPSS 0.01466
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/04 12:0 a.m. · 6 views

PT-2023-9029 · Golang +10 · Golang +10

Name of the Vulnerable Software and Affected Versions: Golang affected versions not specified. Description: The issue is related to the consumption of large amounts of CPU and memory when processing form inputs containing a large number of parts. This can be caused by several factors, including th...

CVSS 9.8 · AI score 6.5 · EPSS 0.99999
Exploits: 23 · References: 302
FreeBSD
added 2023/04/04 12:0 a.m. · 41 views

go -- multiple vulnerabilities

The Go project reports: go/parser: infinite loop in parsing. Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. html/template: backticks not treated as string delimiters. Templates di...

CVSS 9.8 · AI score 7.8 · EPSS 0.02281
Exploits: 0 · References: 1
Tenable Nessus
added 2023/03/23 12:0 a.m. · 39 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2023:0869-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0869-1 advisory. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder...

CVSS 7.5 · AI score 6.9 · EPSS 0.04561
Exploits: 0 · References: 11
Tenable Nessus
added 2023/03/23 12:0 a.m. · 73 views

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory. - On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to...

CVSS 7.5 · AI score 6.9 · EPSS 0.04561
Exploits: 0 · References: 17
Tenable Nessus
added 2023/03/21 12:0 a.m. · 35 views

Amazon Linux 2023 : golist (ALAS2023-2023-046)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-046 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

CVSS 9.3 · AI score 7.2 · EPSS 0.05292
Exploits: 7 · References: 36
RedHat Linux
added 2023/03/15 7:58 p.m. · 87 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 · AI score 6.9 · EPSS 0.05623
Exploits: 5 · References: 13
RedHat Linux
added 2023/03/15 7:58 p.m. · 0 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

CVSS 6.5 · AI score 6.6 · EPSS 0.01113
Exploits: 1 · References: 6
RedhatCVE
added 2023/03/15 5:13 a.m. · 46 views

CVE-2022-41725

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

CVSS 7.5 · AI score 8.2 · EPSS 0.01231
Exploits: 0 · References: 7
Tenable Nessus
added 2023/03/15 12:0 a.m. · 56 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:0733-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0733-1 advisory. - A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the...

CVSS 7.5 · AI score 6.9 · EPSS 0.04561
Exploits: 0 · References: 17