Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

51 – 60 of 64 results

CVE-2022-30632

Medium priority
Fixed

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.13 Fixed Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.18 Fixed Fixed Fixed Not in release
Show less packages

CVE-2022-30631

Medium priority
Fixed

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.13 Fixed Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.18 Fixed Fixed Fixed Not in release
Show less packages

CVE-2022-30630

Medium priority

Some fixes available 5 of 7

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.13 Not affected Not affected Not affected Not affected
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.18 Fixed Fixed Fixed Not in release
Show less packages

CVE-2022-30629

Medium priority

Some fixes available 10 of 13

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

8 affected packages

golang-1.11, golang-1.13, golang-1.15, golang-1.16, golang-1.17...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.15
golang-1.16 Not in release Not in release Fixed Fixed Ignored
golang-1.17 Not in release Vulnerable
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.7
golang-1.8 Not affected
Show all 8 packages Show less packages

CVE-2022-30580

Medium priority
Not affected

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when...

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-29804

Medium priority
Ignored

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not affected
golang-1.18 Not affected Not affected Not affected
golang-1.7
golang-1.8 Not affected
Show less packages

CVE-2022-28131

Medium priority
Fixed

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.13 Fixed Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.18 Fixed Fixed Fixed Not in release
Show less packages

CVE-2022-1962

Medium priority
Fixed

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

1 affected packages

golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.18 Fixed Fixed Fixed Not in release
Show less packages

CVE-2022-1705

Medium priority
Fixed

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the...

3 affected packages

golang-1.13, golang-1.16, golang-1.18

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.13 Fixed Fixed Fixed Fixed
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.18 Fixed Fixed Fixed Not in release
Show less packages

CVE-2022-30634

Medium priority
Needs evaluation

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

6 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.18, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11
golang-1.15
golang-1.17 Not in release Needs evaluation
golang-1.18 Not in release Not affected Not affected Not affected Not affected
golang-1.7
golang-1.8 Needs evaluation
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON