Go Security Vulnerabilities and Issues — Go CVE List

Lucene search

GolangGo

3 matches found

CVE•added 2022/01/01 5:15 a.m.•341 views

CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

7.5CVSS7.6AI score0.00036EPSS

CVE•added 2022/01/01 5:15 a.m.•301 views

CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

5.8CVSS6.2AI score0.00547EPSS

CVE•added 2022/01/24 1:15 a.m.•263 views

CVE-2021-39293

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

7.5CVSS7.7AI score0.00022EPSS