368 matches found
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...
net/http: Denial of service due to improper 100-continue handling in net/http
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...
golang: net: malformed DNS message can cause infinite loop
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...
RLSA-2024:7502 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
USN-7081-1: Go vulnerabilities
It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. CVE-2024-24791 It was discovered that the Go parser module did not...
USN-7061-1: Go vulnerabilities
Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. CVE-2023-24531 Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not...
The vulnerability in the Go programming language’s html/template package allows attackers to execute XSS attacks.
The vulnerability of the Go programming language’s html/template package is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...
ROS-20241001-10
A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...
go-toolset:rhel8 security update
An update is available for module.go-toolset, go-toolset, delve, golang, module.golang, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
net/http: Denial of service due to improper 100-continue handling in net/http
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...
ROS-20240923-06
Vulnerability of net/http and net/http2 libraries of Go programming language in terms of implementation of the HTTP/2 protocol is related to uncontrolled resource consumption as a result of incorrect determination of the termination of HTTP/2 is related to uncontrolled resource consumption as a...
The vulnerability of the net/http module in the Go programming language, related to improper input validation, allows attackers to trigger a service failure.
The vulnerability of the net/http module in the Go programming language is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
PT-2024-6111
Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue is related to the Decoder.Decode function in the Go programming language, which can cause a panic due to stack exhaustion when handling deeply nested structures. This is caused by...
ROS-20240902-15
A vulnerability in the net/http module of the Go programming language is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2024-6112 · Google +10 · Go +10
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 Go versions prior to 1.22.7 Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested expressions in a "...
ROS-20240826-01
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
gotribe-admin 安全漏洞
gotribe-admin is a Go + Vue developed small cms solution by gotribe open source. A security vulnerability exists in gotribe-admin version 1.0, which stems from the function InitRoutes in the file internal/app/routes/routes.go that causes deserialization...
ROS-20240805-03
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20240422-11
Vulnerability of net/http and net/http2 libraries of Go programming language in terms of implementation of the HTTP/2 protocol is related to uncontrolled resource consumption as a result of incorrect determination of the end of the HTTP/2 is related to uncontrolled resource consumption as a resul...