3 matches found
AZL-37314 CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-45402 CVE-2022-29526 affecting package delve 1.5.0-16
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
In Go before 1.13.13 and 1.14.x before 1.14.5 Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus X.509 certificate verification is incomplete.
...