26 matches found
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
If the PATH environment variable contains paths that are executable files rather than just directories, passing certain strings to LookPath "", ".", and ".." may cause the binaries listed in the PATH to be returned unexpectedly...
CVE-2025-68121 affecting package golang for versions less than 1.24.12-1
CVE-2025-68121 affecting package golang for versions less than 1.24.12-1. A patched version of the package is available...
CVE-2025-61726 affecting package golang for versions less than 1.25.6-1
CVE-2025-61726 affecting package golang for versions less than 1.25.6-1. A patched version of the package is available...
AZL-75695 CVE-2025-61726 affecting package golang for versions less than 1.24.12-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-47906 affecting package golang for versions less than 1.24.6-1
CVE-2025-47906 affecting package golang for versions less than 1.24.6-1. An upgraded version of the package is available that resolves this issue...
Linux Distros Unpatched Vulnerability : CVE-2025-47912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresse...
Linux Distros Unpatched Vulnerability : CVE-2025-61724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large,...
Linux Distros Unpatched Vulnerability : CVE-2025-61725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this...
Linux Distros Unpatched Vulnerability : CVE-2025-61723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM...
Linux Distros Unpatched Vulnerability : CVE-2025-58186
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such ...
CVE-2025-22874 affecting package golang for versions less than 1.24.4-1
CVE-2025-22874 affecting package golang for versions less than 1.24.4-1. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2025-47906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath , ., and .., can result ...
AZL-63716 CVE-2025-4673 affecting package golang for versions less than 1.18.8-9
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
Golang 1.24.x < 1.24.3 Directory Traversal
The version of Golang running on the remote host is 1.24.x prior to 1.24.3. It is, therefore, affected by a directory traversal vulnerability that makes it possible to improperly access the parent directory of an os.Root. Note that Nessus has not tested for this issue but has instead relied only ...
GO-2022-0635 In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...
AZL-52774 CVE-2024-9355 affecting package golang for versions less than 1.22.9-1
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
AZL-37302 CVE-2023-29409 affecting package golang for versions less than 1.21.6-1
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...
AZL-47146 CVE-2023-29404 affecting package golang for versions less than 1.22.7-2
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
AZL-37329 CVE-2023-29402 affecting package golang for versions less than 1.21.6-1
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...