Search results for Golang / Go

17 matches found

CVE · added 2021/05/27 1:15 p.m. · 613 views

CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

CVSS 5.9 · AI score 5.9 · EPSS 0.0001
CVE · added 2022/12/08 8:15 p.m. · 546 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate a...

CVSS 5.3 · AI score 6.8 · EPSS 0.00413
CVE · added 2023/03/08 8:15 p.m. · 514 views

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.

CVSS 5.3 · AI score 6.6 · EPSS 0.00024
CVE · added 2022/06/23 5:15 p.m. · 506 views

CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVSS 5.3 · AI score 8.3 · EPSS 0.00173
CVE · added 2023/08/02 8:15 p.m. · 497 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to

CVSS 5.3 · AI score 6.9 · EPSS 0.00082
CVE · added 2021/08/08 6:15 a.m. · 432 views

CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVSS 5.9 · AI score 6.6 · EPSS 0.00212
CVE · added 2021/08/02 7:15 p.m. · 398 views

CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

CVSS 5.3 · AI score 6.4 · EPSS 0.00037
CVE · added 2023/12/06 5:15 p.m. · 376 views

CVE-2023-39326

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1G...

CVSS 5.3 · AI score 6.1 · EPSS 0.00049
CVE · added 2020/07/17 4:15 p.m. · 374 views

CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

CVSS 5.9 · AI score 6.6 · EPSS 0.00614
CVE · added 2022/08/10 8:15 p.m. · 321 views

CVE-2022-1962

Uncontrolled recursion in the Parse functions of go/parser in Go before 1.17.12 and 1.18.x before 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

CVSS 5.5 · AI score 6.7 · EPSS 0.00004
CVE · added 2024/06/05 4:15 p.m. · 318 views

CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects fi...

CVSS 5.5 · AI score 6.3 · EPSS 0.00006
CVE · added 2022/01/01 5:15 a.m. · 297 views

CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

CVSS 5.8 · AI score 6.2 · EPSS 0.00547
CVE · added 2020/07/17 4:15 p.m. · 152 views

CVE-2020-14039

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.

CVSS 5.3 · AI score 5.5 · EPSS 0.0041
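
Added example (not code from this listing or from the Go project) for the CVE-2020-14039 entry: the affected configuration was VerifyOptions.Roots == nil on Windows, where verification is delegated to the platform. The code below keeps Roots explicit so Go's own verifier enforces VerifyOptions.KeyUsages, and shows the EKU check doing its job: a leaf issued only for client authentication is accepted for that purpose and rejected for server authentication. The CA, the leaf, the name svc.example.internal and the key material are all generated in-process for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newChain builds a throwaway CA and a leaf certificate whose only Extended Key
// Usage is leafEKU. Keys and certificates are generated in-process for the
// example; nothing here is a real PKI.
func newChain(leafEKU x509.ExtKeyUsage) (*x509.Certificate, *x509.CertPool, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "svc.example.internal"},
		DNSNames:     []string{"svc.example.internal"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{leafEKU},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return leaf, roots, nil
}

// verifyFor checks leaf against an explicit root pool for one purpose. Because
// Roots is non-nil, Go's own verifier (not the platform's) builds the chain and
// enforces KeyUsages, which is the path that stayed correct in CVE-2020-14039.
func verifyFor(leaf *x509.Certificate, roots *x509.CertPool, dnsName string, usage x509.ExtKeyUsage) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   dnsName,
		KeyUsages: []x509.ExtKeyUsage{usage},
	})
	return err
}

func main() {
	leaf, roots, err := newChain(x509.ExtKeyUsageClientAuth)
	if err != nil {
		panic(err)
	}
	for _, u := range []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} {
		fmt.Printf("verify client-auth-only leaf for EKU %d: %v\n", u, verifyFor(leaf, roots, "svc.example.internal", u))
	}
}
```

A mismatch surfaces as x509.CertificateInvalidError with Reason x509.IncompatibleUsage, which callers can test for with errors.As rather than matching on the error text.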
CVE · added 2021/03/11 12:15 a.m. · 148 views

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

CVSS 5.5 · AI score 6 · EPSS 0.00132
CVE · added 2023/11/09 5:15 p.m. · 87 views

CVE-2023-45284

On Windows, the filepath.IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and the reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these...

CVSS 5.3 · AI score 6.2 · EPSS 0.00019
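
Added example (not code from this listing or from the Go project) for the archive/zip and IsLocal entries above (CVE-2021-27919, CVE-2023-45284; the CVE-2024-24789 entry is the broader reminder that archive metadata is attacker-controlled). It builds a zip in memory whose stored entry name begins with "../", then shows the two views an extractor can take of it: the raw zip.File.Name, which still carries the traversal, and the fs.FS view via Reader.Open, where such a name is refused with an error instead of the pre-1.16.1 panic. The safeJoin helper is the check to run on any stored name before touching the filesystem; it relies on filepath.IsLocal (Go 1.20+), which is where the Windows reserved-name cases of CVE-2023-45284 were fixed. The entry names, contents and the destination directory "out" are constructed sample input.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"io/fs"
	"path/filepath"
)

// buildArchive constructs, in memory, a zip with one entry whose stored name
// starts with "../" and one ordinary entry. Constructed sample input for the example.
func buildArchive() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	entries := []struct{ name, body string }{
		{"../escape.txt", "outside"},
		{"docs/readme.txt", "inside"},
	}
	for _, e := range entries {
		w, err := zw.Create(e.name)
		if err != nil {
			panic(err)
		}
		io.WriteString(w, e.body)
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// rawNames returns entry names exactly as stored (zip.File.Name), which is what
// a naive extractor would hand to os.Create.
func rawNames(data []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(zr.File))
	for _, f := range zr.File {
		names = append(names, f.Name)
	}
	return names, nil
}

// fsNames lists the archive through its fs.FS view (fs.WalkDir), where names are
// coerced to valid fs paths; no "../" can appear here.
func fsNames(data []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	var names []string
	err = fs.WalkDir(zr, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.IsDir() {
			names = append(names, p)
		}
		return nil
	})
	return names, err
}

// openEntry exercises Reader.Open. Since Go 1.16.1 an fs-invalid name such as
// "../escape.txt" yields an error rather than a panic.
func openEntry(data []byte, name string) (string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return "", err
	}
	f, err := zr.Open(name)
	if err != nil {
		return "", err
	}
	defer f.Close()
	b, err := io.ReadAll(f)
	return string(b), err
}

// safeJoin is the check to apply before writing an entry under destDir:
// filepath.IsLocal rejects traversal, absolute paths, the empty name and, on
// Windows, reserved device names (the CVE-2023-45284 cases once fixed).
func safeJoin(destDir, name string) (string, error) {
	if !filepath.IsLocal(name) {
		return "", fmt.Errorf("refusing non-local archive entry %q", name)
	}
	return filepath.Join(destDir, name), nil
}

func main() {
	data := buildArchive()
	raw, _ := rawNames(data)
	view, _ := fsNames(data)
	fmt.Println("stored names:", raw)
	fmt.Println("fs view:     ", view)
	for _, n := range raw {
		if _, err := openEntry(data, n); err != nil {
			fmt.Printf("Open(%q): %v\n", n, err)
		}
		if p, err := safeJoin("out", n); err != nil {
			fmt.Println(err)
		} else {
			fmt.Println("would extract to", p)
		}
	}
}
```

Note that IsLocal is a lexical check: it says nothing about symlinks already present under destDir, so an extractor that follows links still needs to resolve or refuse them separately.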
CVE · added 2017/10/05 9:29 p.m. · 83 views

CVE-2017-15042

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documen...

CVSS 5.9 · AI score 7 · EPSS 0.00151
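
Added example (not code from this listing or from the Go project) for the CVE-2017-15042 entry: what the re-enforced RFC 4954 rule looks like from the caller's side. smtp.Auth.Start is driven with a hand-built smtp.ServerInfo, so no mail server is needed, and the four cases show when the PLAIN mechanism will and will not release the credentials. The host names, user name and password are constructed sample values.

```go
package main

import (
	"fmt"
	"net/smtp"
)

// tryPlainAuth asks the PLAIN mechanism for its initial response, given the host
// the client configured and what the client believes about the live connection.
// The fixed net/smtp hands over credentials only when the connection is TLS (or
// the server is localhost) and the server's name matches the configured host.
func tryPlainAuth(configuredHost, serverName string, tls bool) (proto string, initial []byte, err error) {
	auth := smtp.PlainAuth("", "alice", "s3cret", configuredHost) // constructed sample credentials
	return auth.Start(&smtp.ServerInfo{Name: serverName, TLS: tls, Auth: []string{"PLAIN"}})
}

func main() {
	cases := []struct {
		host, server string
		tls          bool
	}{
		{"mail.example.com", "mail.example.com", false}, // plaintext to a remote host: refused
		{"mail.example.com", "mail.example.com", true},  // TLS: credentials released
		{"localhost", "localhost", false},               // loopback exception: allowed
		{"mail.example.com", "other.example.net", true}, // TLS but wrong host: refused
	}
	for _, c := range cases {
		proto, initial, err := tryPlainAuth(c.host, c.server, c.tls)
		fmt.Printf("host=%s server=%s tls=%v -> proto=%q initial=%q err=%v\n",
			c.host, c.server, c.tls, proto, initial, err)
	}
}
```

The ServerInfo here stands in for what smtp.Client fills in after EHLO and STARTTLS; in real use the client checks TLS state itself, and the comment in net/smtp makes the point that on an unencrypted connection even the server's advertised AUTH list cannot be trusted.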
CVE · added 2017/07/06 4:29 p.m. · 65 views

CVE-2017-8932

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by s...

CVSS 5.9 · AI score 5.6 · EPSS 0.02461
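
Added example (not code from this listing or from the Go project) for the two P-256 ScalarMult entries (CVE-2017-8932 above and CVE-2023-24532 earlier in the list). Both bugs broke the invariant k*G == (k mod N)*G for particular inputs; the code below probes that invariant on a patched toolchain with constructed scalars at and beyond the group order, shows the reduction a caller of the legacy crypto/elliptic API should perform itself, and contrasts it with crypto/ecdh (Go 1.20+), which refuses out-of-range private scalars instead of reducing them. The probe set is constructed for the example; on the fixed versions every comparison holds, and the block cannot reproduce the original defects.

```go
package main

import (
	"crypto/ecdh"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// reduceScalar brings k into [0, N) and encodes it in the curve's fixed width. This
// is the normalisation the fixed ScalarMult/ScalarBaseMult perform internally, and
// what callers of the legacy crypto/elliptic API should do before trusting a result.
func reduceScalar(curve elliptic.Curve, k *big.Int) []byte {
	params := curve.Params()
	r := new(big.Int).Mod(k, params.N)
	return r.FillBytes(make([]byte, (params.N.BitLen()+7)/8))
}

// basePointMatches computes k*G with the scalar bytes as given (possibly an
// unreduced value at or above N) and again with the scalar reduced mod N, and
// reports whether the two points agree. Mathematically k*G == (k mod N)*G always;
// CVE-2017-8932 and CVE-2023-24532 were cases where the P-256 code broke this.
func basePointMatches(curve elliptic.Curve, k *big.Int) bool {
	x1, y1 := curve.ScalarBaseMult(k.Bytes())
	x2, y2 := curve.ScalarBaseMult(reduceScalar(curve, k))
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0
}

// unreducedScalars returns a constructed probe set around the group order:
// N-1 (largest valid), N, N+1, 2N-1, and a random value in [N, 2^256).
func unreducedScalars(curve elliptic.Curve) []*big.Int {
	N := curve.Params().N
	one := big.NewInt(1)
	out := []*big.Int{
		new(big.Int).Sub(N, one),
		new(big.Int).Set(N),
		new(big.Int).Add(N, one),
		new(big.Int).Sub(new(big.Int).Lsh(N, 1), one),
	}
	bound := new(big.Int).Lsh(one, 256)
	r, err := rand.Int(rand.Reader, new(big.Int).Sub(bound, N))
	if err != nil {
		panic(err)
	}
	return append(out, r.Add(r, N))
}

// ecdhAccepts reports whether crypto/ecdh, the current API, accepts the bytes as a
// P-256 private key. It refuses zero and anything >= N instead of silently reducing.
func ecdhAccepts(scalar []byte) bool {
	_, err := ecdh.P256().NewPrivateKey(scalar)
	return err == nil
}

func main() {
	curve := elliptic.P256()
	for _, k := range unreducedScalars(curve) {
		fmt.Printf("k=%064x  ScalarBaseMult(k) == ScalarBaseMult(k mod N): %v  ecdh accepts: %v\n",
			k, basePointMatches(curve, k), ecdhAccepts(k.Bytes()))
	}
}
```

As the CVE-2023-24532 entry notes, crypto/ecdsa and crypto/ecdh were not affected because they never pass unreduced scalars down; the exposure was limited to code calling the low-level crypto/elliptic methods directly, which is one more reason to migrate such code to crypto/ecdh.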