25 matches found
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
Linux Distros Unpatched Vulnerability : CVE-2022-41716
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid...
SUSE: Security Advisory (SUSE-SU-2023:2312-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Golang Go (CVE-2022-41716)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Golang Go caused by improper checking for invalid environment variable values in syscall CVE-2022-41716. Golang Go is included as an operator as part of the Base OS used by o...
Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced
Summary Multiple CVEs - CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced . IBM CICS TX Advanced has addressed the applicable CVEs. Relevant go related packages have been upgraded. Vulnerability Details CVEID:CVE-2022-2879 DESCRIPTION:...
Oracle Linux 8 : ol8addon (ELSA-2023-18908)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. - Addresses CVE-2021-34558 - Include patch to fix CVE-2019-9741 - Fixes CVE-2019-6486 - Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 - Fix...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1357)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : golist (ALAS-2023-1913)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1913 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1124)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1010)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1035)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2022 : golang (ALAS2022-2022-239)
The version of golang installed on the remote host is prior to 1.19.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-239 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read t...
Amazon Linux 2 : golang (ALAS-2022-1887)
The version of golang installed on the remote host is prior to 1.18.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1887 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...
Updated golang packages fix security vulnerability
Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. CVE-2022-41716 runtime: lock count" fatal error when cgo is enabled go56308...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2022:4055-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4055-1 advisory. Update to go 1.18.8 released 2022-11-01 bsc1193742: Security fixes: - CVE-2022-41716: Fixed unsanitized N...
SUSE: Security Advisory (SUSE-SU-2022:4054-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4055-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:4055-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to go 1.18.8 released 2022-11-01 bsc1193742: Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. Bugfixes: - runtime: lock count' fatal error when cgo is enabled go56308...
Security fix for the ALT Linux 10 package golang version 1.19.3-alt1
Nov. 3, 2022 Alexey Shabalin 1.19.3-alt1 - New version 1.19.3 Fixes: CVE-2022-41716...
CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...