Search CVE reports
31 – 40 of 126 results
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount...
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded...
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square...
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may...
16 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | — | — |
| golang-1.10 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | — |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Needs evaluation | — | — |
| golang-1.18 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.20 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| golang-1.21 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.22 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |
| golang-1.23 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.24 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| golang-1.25 | Needs evaluation | Not in release | Not in release | — | — |
| golang-1.6 | Not in release | Not in release | Not in release | — | — |
| golang-1.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | — | Needs evaluation |