Go@1.16.0 Security Vulnerabilities and Issues — Go@1.16.0 CVE List

Lucene search

GolangGo1.16.0

10 matches found

CVE•added 2021/05/27 1:15 p.m.•669 views

CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

5.9CVSS5.9AI score0.0001EPSS

CVE•added 2021/07/15 2:15 p.m.•583 views

CVE-2021-34558

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

6.5CVSS7AI score0.01475EPSS

CVE•added 2021/05/26 3:15 p.m.•523 views

CVE-2021-33194

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

7.5CVSS7.1AI score0.00036EPSS

CVE•added 2021/08/08 6:15 a.m.•455 views

CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

5.9CVSS6.6AI score0.00173EPSS

CVE•added 2021/08/02 7:15 p.m.•425 views

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

7.5CVSS7.6AI score0.00035EPSS

CVE•added 2021/08/02 7:15 p.m.•417 views

CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

5.3CVSS6.4AI score0.00037EPSS

CVE•added 2021/08/02 7:15 p.m.•407 views

CVE-2021-33196

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

7.5CVSS7.6AI score0.00022EPSS

CVE•added 2021/08/02 7:15 p.m.•389 views

CVE-2021-33198

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

7.5CVSS7.5AI score0.00031EPSS

CVE•added 2021/03/11 12:15 a.m.•368 views

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

7.5CVSS7.4AI score0.00028EPSS

CVE•added 2021/03/11 12:15 a.m.•150 views

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

5.5CVSS6AI score0.00132EPSS