9 matches found
Updated golang packages fix security vulnerabilities
net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)
The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...
Medium: runfinch-finch
Issue Overview: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives...
Medium: nerdctl
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
CVE-2025-61731
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...
Security update for go1.25
This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. CVE-2025-68119: cmd/go: unexpected code execution when invoking...
Golang 1.25.x < 1.25.6 Multiple Vulnerabilities
The version of Golang running on the remote host is 1.25.x prior to 1.25.6. It is, therefore, affected by multiple vulnerabilities as referenced in advisory. - bypass of flag sanitization can lead to arbitrary code execution. CVE-2025-61731 - unexpected code execution when invoking toolchain...
PT-2026-2489
Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description A flaw exists where downloading and building modules with malicious version strings can lead to local code execution. Systems utilizing Mercurial hg are susceptible to unexpected code execution wh...
PT-2026-2482
Name of the Vulnerable Software and Affected Versions cmd/go affected versions not specified Description A malicious file created using cmd/go can result in a write operation to a file controlled by an attacker, with partial control over the file's content. The issue stems from the use of the 'cg...