9 matches found

CVE | added 2023/10/10 2:15 p.m. | 4726 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 7.5 | AI score 8 | EPSS 0.94437
Tags: In wild, Web
CVE | added 2023/10/11 10:15 p.m. | 3137 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new ...

CVSS 7.5 | AI score 7.3 | EPSS 0.0015

CVE | added 2023/08/02 8:15 p.m. | 552 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to

CVSS 5.3 | AI score 6.9 | EPSS 0.00112

CVE | added 2023/10/05 9:15 p.m. | 471 views

CVE-2023-39323

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path o...

CVSS 8.1 | AI score 8.3 | EPSS 0.0006

CVE | added 2023/09/08 5:15 p.m. | 457 views

CVE-2023-39321

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

CVSS 7.5 | AI score 7.9 | EPSS 0.00041

CVE | added 2023/09/08 5:15 p.m. | 450 views

CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of "

CVSS 6.1 | AI score 7.1 | EPSS 0.00062

CVE | added 2023/09/08 5:15 p.m. | 437 views

CVE-2023-39318

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in [removed] contexts. This may cause the template parser to improperly interpret the contents of [removed] contexts, causing actions to be improperly escaped. This may be leveraged to ...

CVSS 6.1 | AI score 7 | EPSS 0.00062

CVE | added 2023/09/08 5:15 p.m. | 433 views

CVE-2023-39322

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

CVSS 7.5 | AI score 7.6 | EPSS 0.00041

CVE | added 2023/09/08 5:15 p.m. | 409 views

CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downlo...

CVSS 9.8 | AI score 9.6 | EPSS 0.0059