Search CVE reports


Toggle filters

11 – 20 of 45 results


CVE-2023-45288

Medium priority

Some fixes available 7 of 24

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2024-24784

Medium priority

Some fixes available 7 of 24

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2024-24783

Medium priority

Some fixes available 7 of 24

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45290

Medium priority

Some fixes available 7 of 24

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45289

Medium priority

Some fixes available 2 of 24

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45285

Medium priority

Some fixes available 8 of 9

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for...

3 affected packages

golang-1.19, golang-1.20, golang-1.21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.19 Not in release Not in release Not in release Ignored Ignored
golang-1.20 Not in release Fixed Fixed Ignored Ignored
golang-1.21 Not affected Fixed Fixed Ignored Ignored
Show less packages

CVE-2023-39326

Medium priority

Some fixes available 8 of 9

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause...

3 affected packages

golang-1.19, golang-1.20, golang-1.21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.19 Not in release Not in release Not in release Ignored Ignored
golang-1.20 Not in release Fixed Fixed Ignored Ignored
golang-1.21 Not affected Fixed Fixed Ignored Ignored
Show less packages

CVE-2023-45287

Medium priority
Needs evaluation

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it...

2 affected packages

golang-1.19, golang-1.20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.19 Not in release Not in release Not in release Ignored Ignored
golang-1.20 Not in release Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2023-45284

Medium priority
Needs evaluation

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3,...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Ignored Ignored
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release Not in release
golang-1.21 Not affected Not affected Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages

CVE-2023-45283

Medium priority
Needs evaluation

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Ignored Ignored
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release Not in release
golang-1.21 Not affected Not affected Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages