4 matches found
CVE-2022-23773
CVE-2022-23773 affects the Go toolchain component cmd/go. Impact: branch names may be misinterpreted as version tags, potentially granting inappropriate access to create branches but not tags. Affected: Go before 1.16.14 and 1.17.x before 1.17.7. Mitigation: upgrade to fixed releases (Go 1.16.14+...
CVE-2022-24675
CVE-2022-24675 affects the encoding/pem component in Go, where Decode can overflow the stack when processing very large PEM data (reported for Go before 1.17.9 and 1.18.x before 1.18.1). The vulnerability can lead to a denial of service through a stack overflow, impacting availability. Affected r...
CVE-2022-23806
CVE-2022-23806 affects Go's crypto/elliptic IsOnCurve, which can incorrectly return true when a big.Int value is not a valid field element. Impact: potential impact to availability and integrity as implied by the vulnerability description. Root cause is an out-of-spec check in IsOnCurve for inval...
CVE-2022-23772
CVE-2022-23772 affects Go (golang) where Rat.SetString in math/big can overflow, leading to uncontrolled memory consumption. Connected advisories confirm this issue alongside other Go vulnerabilities (e.g., CVE-2022-23773, CVE-2022-23806) across multiple Go components (cmd/go, crypto/elliptic, ar...