Important: golang
Issue Overview: A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrit...
[SECURITY] Fedora 36 Update: golang-github-valyala-fasthttp-1.29.0-3.fc36
Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http...
[SECURITY] Fedora 36 Update: golang-github-elazarl-bindata-assetfs-1.0.1-9.fc36
Serve embedded files from jteeuwen/go-bindata with net/http...
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
Uncontrolled Recursion
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
GO-2022-0434 Panic during certificate parsing on Darwin in crypto/x509
Verifying certificate chains containing certificates which are not compliant with RFC 5280 causes Certificate.Verify to panic on macOS. These chains can be delivered through TLS and can cause a crypto/tls or net/http client to crash...
new packages: perl-Net-HTTP
An update is available for perl-Net-HTTP. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
CVE-2021-44716
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33197)
Summary: Security Vulnerabilities affect IBM Cloud Private - Golang. Vulnerability Details: CVEID: CVE-2021-33197. DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, a...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-31525)
Summary: Security Vulnerabilities affect IBM Cloud Private - Golang. Vulnerability Details: CVEID: CVE-2021-31525. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1487)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1506)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1428)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1449)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause...
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1345)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2022-1345)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...
Important: Red Hat Security Advisory: Release of containers for OSP 16.2 director operator tech preview
Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview. Release osp-director-operator images. Security Fixes: golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716). For more details about the security issues, including the...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update
Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...