26 matches found
Improper Input Validation
github.com/golang/go is vulnerable to Improper Input Validation. The vulnerability is due to a misalignment in the behavior of zip implementations, which can be exploited to create zip files with varying contents based on the implementation reading the file...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS). The vulnerability exists because the readChunkLine function in chunked.go does not properly check the bytes from the request or response body. A malicious attacker can exploit this to cause a server to automatically read a large amount ...
Arbitrary Code Execution
github.com/golang/go is vulnerable to Arbitrary Code Execution. The vulnerability exists in the isCgoGeneratedFile function at noder.go due to line directives allowing blocked linker and compiler flags to be passed during compilation, which can result in arbitrary code execution when running go...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS). The vulnerability exists because handshakeclient.go does not set a max RSA key size, which can lead to extremely large RSA keys in certificate chains causing a client to expend significant CPU time to verify signatures. The fix sets the...
CRLF Injection
github.com/golang/go is vulnerable to CRLF Injection. The vulnerability exists because the library does not properly sanitize the Request.Host field, which allows an attacker to send a maliciously crafted Host field through the request header...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...
Privilege Escalation
github.com/golang/go is vulnerable to Privilege Escalation. The vulnerability exists due to the unsanitized NULL values in the Start function of exec.go, allowing an attacker to maliciously set environment variables on Windows. For example, the environment variable string A=B\x00C=D sets the...
Path Traversal
github.com/golang/go is vulnerable to path traversal. The vulnerability exists because the JoinPath function of url.go does not properly remove the relative elements from the start of the path when the first path element is "", allowing an attacker to access files outside the expected directory...
Denial Of Service (DoS)
crypto/rand in github.com/golang/go is vulnerable to denial of service. The vulnerability exists when passing a buffer larger than 1 << 32 - 1 bytes which allows an attacker to cause an application crash...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service (DoS). The vulnerability exists due to uncontrolled memory consumption in the SetString function, which allows an attacker to crash the application by providing a malicious input...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to denial of service. An infinite loop occurs when using xml.NewTokenDecoder with a custom TokenReader...
Undefined Behavior
encoding/xml in github.com/golang/go is vulnerable to undefined behavior. The vulnerability is possible because it does not correctly preserve the semantics of directives during tokenization round-trips...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to denial of service. An infinite read loop in ReadUvarint and ReadVarint allows an attacker to create a denial of service condition via malicious input...
HTTP Request Smuggling
github.com/golang/go is vulnerable to HTTP request smuggling. The vulnerability exists as invalid HTTP/1.1 headers were accepted and normalized with a space before the colon, allowing a reverse proxy to interpret the headers differently...
Authorization Bypass
github.com/golang/go is vulnerable to authorization bypass. The vulnerability exists as URL.Parse incorrectly parses host and port when given malformed URLs...
Denial Of Service (DoS)
crypto/elliptic in github.com/golang/go is vulnerable to denial of service (DoS). The attack exists because it introduces a long busy loop in the subtraction term for the implementation of P-521 and P-384 elliptic curve cryptography algorithms, which allows malicious input through TLS handshakes, X.509...
Remote Code Execution (RCE)
github.com/golang/go is vulnerable to remote code execution (RCE). If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a Subversion repository and another domain example.com/proj1/proj2 to point to a Git repository. When the go get command is run, arbitrary...
Denial Of Service (DoS) Via Multipart Request
net/http in github.com/golang/go is vulnerable to denial of service (DoS) attacks. The attacks exist because Request.ParseMultipartForm begins writing temporary files regardless of the request body size surpassing the given "maxMemory" limit. An attacker can send a malicious multipart request to consume...
HTTP Header Injection
net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...
Arbitrary Code Execution
github.com/golang/go is vulnerable to arbitrary code execution attacks. The application does not filter the compiler flag variables -fplugin= and -plugin= when the go get command is run, allowing a malicious user to inject and execute arbitrary code by loading compiler plugins...