GHSA-4C5F-9MJ4-M247 flagd: Multiple Go Runtime CVEs Impact Security and Availability

Summary In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service DoS through resource exhaustion and Race Conditions in database handling. | CVE ID ...

SUSE-SU-2025:3682-1 Security update for go1.24

This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...

Security update for go1.25

This update for go1.25 fixes the following issues: go1.25.2 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the runtime, and the...

RHEL 8 : mcg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: encoding/pem: fix stack overflow in Decode CVE-2022-24675 Note that Nessus has not tested for this issue bu...

RHEL 8 : Red Hat OpenShift Data Foundation 4.11.0 (RHSA-2022:6155)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6155 advisory. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Re...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5337)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5337 advisory. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVE-2022-24675 - regexp.Compile ...

Amazon Linux 2023 : golist (ALAS2023-2023-046)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-046 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

CBL Mariner 2.0 Security Update: golang (CVE-2022-24675)

The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24675 advisory. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24675)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go, caused by a stack-based buffer overflow in encoding/pem in the Decode feature CVE-2022-24675. A remote attacker could exploit this vulnerability to cause the program to crash...

EulerOS 2.0 SP3 : golang (EulerOS-SA-2022-2610)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVE-2022-24675 - The gener...

Amazon Linux 2 : golang-github-godbus-dbus (ALAS-2022-1858)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1858 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Amazon Linux 2 : golang-github-gorilla-context (ALAS-2022-1859)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1859 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Amazon Linux 2 : golang-github-gorilla-mux (ALAS-2022-1860)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1860 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection OADP 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

RHEL 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

RHEL 7 / 8 : OpenShift Container Platform 4.10.25 (RHSA-2022:5729)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5729 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

golang: encoding/pem: fix stack overflow in Decode

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...

golang: encoding/pem: fix stack overflow in Decode

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...