This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Golang First view 2014-10-07
Product Go Last view 2022-08-10
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 76
cpe:2.3:a:golang:go:1.1.2:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.0.2:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.2:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.3.1:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.1.1:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.2.1:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.1:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.2.2:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.3:*:*:*:*:*:*:* 74
cpe:2.3:a:golang:go:1.0:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.0.1:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.4:beta1:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.0.3:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.1:-:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.1:rc2:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.1:rc3:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.2:-:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.2:rc2:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.2:rc3:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.2:rc4:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.2:rc5:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3:-:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3:beta1:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3:beta2:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3:rc1:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3:rc2:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3.2:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.3.3:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.4:-:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.4:rc1:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.4.2:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.4:rc2:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.4.1:*:*:*:*:*:*:* 73
cpe:2.3:a:golang:go:1.5:*:*:*:*:*:*:* 71
cpe:2.3:a:golang:go:1.5.1:*:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5:rc1:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5:beta1:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5:beta2:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5:beta3:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.4.3:*:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5:-:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5.2:*:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.6:*:*:*:*:*:*:* 70
cpe:2.3:a:golang:go:1.5.4:*:*:*:*:*:*:* 69
cpe:2.3:a:golang:go:1.6:rc1:*:*:*:*:*:* 69
cpe:2.3:a:golang:go:1.6:beta2:*:*:*:*:*:* 69
cpe:2.3:a:golang:go:1.6:beta1:*:*:*:*:*:* 69
cpe:2.3:a:golang:go:1.6:-:*:*:*:*:*:* 69
cpe:2.3:a:golang:go:1.5.3:*:*:*:*:*:*:* 69

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2022-08-10 CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

6.5 2022-08-10 CVE-2022-32148

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

7.5 2022-08-10 CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

7.5 2022-08-10 CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

7.5 2022-08-10 CVE-2022-30632

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

7.5 2022-08-10 CVE-2022-30631

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

7.5 2022-08-10 CVE-2022-30630

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

3.1 2022-08-10 CVE-2022-30629

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

7.8 2022-08-10 CVE-2022-30580

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

7.5 2022-08-10 CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

7.5 2022-08-10 CVE-2022-28131

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

5.5 2022-08-10 CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

6.5 2022-08-10 CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

7.5 2022-07-15 CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

5.3 2022-06-23 CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

7.5 2022-04-20 CVE-2022-28327

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

7.5 2022-04-20 CVE-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.

7.5 2022-04-20 CVE-2022-24675

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

7.5 2022-03-05 CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

9.1 2022-02-11 CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

7.5 2022-02-11 CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

7.5 2022-02-11 CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

7.5 2022-01-24 CVE-2021-39293

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

4.8 2022-01-01 CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

7.5 2022-01-01 CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
12% (8) CWE-674 Uncontrolled Recursion
10% (7) CWE-295 Certificate Issues
7% (5) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
7% (5) CWE-20 Improper Input Validation
4% (3) CWE-770 Allocation of Resources Without Limits or Throttling
4% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (2) CWE-682 Incorrect Calculation
3% (2) CWE-427 Uncontrolled Search Path Element
3% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (2) CWE-362 Race Condition
3% (2) CWE-269 Improper Privilege Management
3% (2) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-769 File Descriptor Exhaustion
1% (1) CWE-668 Exposure of Resource to Wrong Sphere
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-436 Interpretation Conflict
1% (1) CWE-377 Insecure Temporary File
1% (1) CWE-330 Use of Insufficiently Random Values
1% (1) CWE-319 Cleartext Transmission of Sensitive Information
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-252 Unchecked Return Value
1% (1) CWE-200 Information Exposure
1% (1) CWE-190 Integer Overflow or Wraparound
1% (1) CWE-129 Improper Validation of Array Index
1% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

Snort® IPS/IDS

Date Description
2019-05-14 Go binary bll-load exploit attempt
RuleID : 49786 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49785 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49784 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49783 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49782 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49781 - Type : FILE-OTHER - Revision : 1
2019-04-02 Google Golang GET command injection attempt
RuleID : 49304 - Type : SERVER-OTHER - Revision : 1
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-c424e3bb72.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-1198005e1f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fe65c14082.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-09.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1130.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0045.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0039.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0117.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0123.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0034.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0026.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1011.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0878.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-12.nasl - Type: ACT_GATHER_INFO
2018-03-27 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-975.nasl - Type: ACT_GATHER_INFO
2018-03-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201803-03.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6f08b79a09.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1294.nasl - Type: ACT_GATHER_INFO
2018-02-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5562b6e2c0.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f4fc897e8f.nasl - Type: ACT_GATHER_INFO
2017-12-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1311.nasl - Type: ACT_GATHER_INFO
2017-11-06 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-918.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1148.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-23.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8f7bca960b.nasl - Type: ACT_GATHER_INFO