92 matches found
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from SWIG filenames marked with the "go" label and containing carefully crafted malicious...
PT-2026-31058
Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.3
Red Hat OpenShift Service Mesh 3.2.3 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.2....
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6
Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9
Red Hat OpenShift Service Mesh 3.0.9 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.0....
OESA-2026-1699 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
OESA-2026-1698 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
TencentOS Server 3: go-toolset:rhel8 (TSSA-2026:0170)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0170 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
RHEL 9 : golang (RHSA-2026:3472)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3472 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when buildi...
RHEL 9 : golang (RHSA-2026:3469)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3469 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when buildi...
Alibaba Cloud Linux 3 : 0042: go-toolset:an8 (ALINUX3-SA-2026:0042)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0042 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61726: The net/url package does n...
SUSE-SU-2026:0789-1 Security update for go1.24-openssl
This update for go1.24-openssl fixes the following issues: Update to version 1.24.13 jscSLE-18320, bsc1236217. Security issues fixed: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68119: cmd/go: unexpected code...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.14
Red Hat OpenShift Service Mesh 2.6.14 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...
CLSA-2026-1772124479 golang: Fix of 7 CVEs
Update to Go 1.25.7 - CVE-2025-61726: fixed DoS due to memory exhaustion flaw in net/url parameter parsing - CVE-2025-61732: fixed RCE via code smuggling flaw in cgo comment parsing - CVE-2025-68121: fixed security bypass in TLS where session resumption could ignore revoked or expired client...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...