Lucene search
K

15 matches found

RedHat Linux
RedHat Linux
added 3 days ago5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago8 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.00904EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/29 10:19 a.m.12 views

CVE-2026-33811

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/06/23 2:48 a.m.10 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/05/13 8:49 a.m.7 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/01/21 12:46 p.m.2 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/12 9:10 a.m.6 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/24 7:12 p.m.3 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/11 7:45 p.m.2 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/19 1:35 p.m.3 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/04/12 3:9 p.m.5 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/12/09 8:19 p.m.4 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/09/16 3:24 p.m.3 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/09/15 1:41 p.m.3 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
Rows per page
Query Builder