This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Golang First view 2020-11-18
Product Go Last view 2021-05-27
Version 1.15.4 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:golang:go

Activity : Overall

Related : CVE

  Date Alert Description
5.9 2021-05-27 CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

7.5 2021-05-26 CVE-2021-33194

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

5.5 2021-03-11 CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

7.5 2021-03-11 CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

7.5 2021-01-26 CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

6.5 2021-01-26 CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

7.5 2021-01-02 CVE-2020-28851

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

7.5 2020-11-18 CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-682 Incorrect Calculation
20% (1) CWE-674 Uncontrolled Recursion
20% (1) CWE-295 Certificate Issues
20% (1) CWE-129 Improper Validation of Array Index
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')