Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/04/29 1:32 p.m.7 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 4:31 p.m.2 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

8.6CVSS5.9AI score0.00532EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/07/29 12:19 a.m.3 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
OSV
OSV
added 2020/06/17 8:15 p.m.9 views

UBUNTU-CVE-2020-14040

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

7.5CVSS6.9AI score0.01855EPSS
Exploits0References4
Rows per page
Query Builder