Lucene search
K

2023 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
OSV
OSV
added 6 days ago2 views

GHSA-J48M-H7XQ-2XPJ goshs: Share-link ?token=… redemption races past download limit

Share-link ?token=… redemption races past download limit Ecosystem: Go Package: goshs.de/goshs/v2 github.com/patrickhener/goshs Affected: 0 || entry.DownloadLimit == -1 // ...serve file... // = current.DownloadLimit deletefs.SharedLinks, token fs.sharedLinksMu.Unlock Between line 978 RUnlock and...

5.9CVSS5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago6 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS5.8AI score0.00904EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago5 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago5 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.1AI score0.00349EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 6 days ago5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/06/30 8:27 p.m.3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1906)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1906 advisory. Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus ha...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.8 views

GO-2026-5547 in-toto-golang and in-toto-python have inconsistent negation behavior in github.com/in-toto/in-toto-golang

in-toto-golang and in-toto-python have inconsistent negation behavior in github.com/in-toto/in-toto-golang...

5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.7 views

golang.org/x/crypto vulnerable to infinite loop on large channel writes

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS6AI score0.00466EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 10:21 p.m.4 views

GHSA-RM3J-F69W-WQMQ golang.org/x/crypto vulnerable to infinite loop on large channel writes

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS6AI score0.00466EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:18 p.m.2 views

GHSA-W879-237Q-WC7R golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS6.4AI score0.004EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS6AI score0.00295EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:13 p.m.5 views

GHSA-JPPX-RXG9-JMRX golang.org/x/crypto doesn't enforce invoking key constraints

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS6AI score0.0036EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/25 5:32 p.m.4 views

net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 10:0 a.m.4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 10:0 a.m.4 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References8
Rows per page
Query Builder