CVE-2026-33811

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

ROOT-APP-GOBINARY-CVE-2025-22872 CVE-2025-22872 in rootio-golang.org/x/net - Patched by Root

Root has patched CVE-2025-22872 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go‎. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Photon OS 4.0: Net PHSA-2026-4.0-0946

An update of the net package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0946. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid29724...

Photon OS 5.0: Net PHSA-2026-5.0-0726

An update of the net package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0726. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid28184...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against prox...

Linux Distros Unpatched Vulnerability : CVE-2025-37879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p/net: fix improper handling of bogus negative read/write replies In p9clientwrite and p9clientreadonce, if the server incorrectly replies with success but a...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to golang/net package ( CVE-2024-45338 )

Summary Potential vulnerabilities in golang/net package CVE-2024-45338 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

Malicious code in commons-net (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01fc821715d3f327c2080415c9a3db5c0f95a8a9f36135b0e6efb377796227da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...