Go@1.12 Security Vulnerabilities and Issues — Go@1.12 CVE List

Lucene search

GolangGo1.12

4 matches found

CVE•added 2020/01/14 11:15 p.m.•1318 views

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, l...

8.1CVSS7.6AI score0.94034EPSS

In wild

CVE•added 2020/03/16 9:15 p.m.•384 views

CVE-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

7.8CVSS7.3AI score0.00627EPSS

CVE•added 2019/10/24 10:15 p.m.•264 views

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

7.5CVSS7.3AI score0.0234EPSS

CVE•added 2019/03/08 3:29 p.m.•59 views

CVE-2019-9634

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

7.8CVSS7.8AI score0.00563EPSS