17 matches found
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5337)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5337 advisory. - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. CVE-2022-24675 - regexp.Compile ...
Debian dla-3395 : golang-1.11 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3395 advisory. - Debian LTS Advisory DLA-3395-2 https://www.debian.org/lts/security/...
CVE-2022-39278
CVE-2022-39278 affects Istio across multiple releases (notably Istio 1.15.2, 1.14.5, 1.13.9) where the control plane istiod is vulnerable to a request-processing error caused by an inefficient Go regexp.Compile, leading to a crash when a specially crafted or oversized message is sent to the publi...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1865)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1805)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1805)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...
Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9363)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9363 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...
Debian DLA-2986-1 : golang-1.8 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2986 advisory. - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 -...
Debian DLA-2985-1 : golang-1.7 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2985 advisory. Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2022-1566)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause ...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-1534)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause ...
SUSE SLED15 / SLES15 Security Update : go1.17 (SUSE-SU-2022:1167-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1167-1 advisory. - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
Updated golang packages fix security vulnerability
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...
CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...