rpm package
opensuse/go1.13&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/go1.13&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-16845 | — | < 1.13.15-2.6 | 1.13.15-2.6 | Aug 6, 2020 | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | ||
| CVE-2020-14039 | — | < 1.13.15-2.6 | 1.13.15-2.6 | Jul 17, 2020 | In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. | ||
| CVE-2020-15586 | — | < 1.13.15-2.6 | 1.13.15-2.6 | Jul 17, 2020 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | ||
| CVE-2019-17596 | — | < 1.13.15-2.6 | 1.13.15-2.6 | Oct 24, 2019 | Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | ||
| CVE-2019-16276 | — | < 1.13.15-2.6 | 1.13.15-2.6 | Sep 30, 2019 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. |
- CVE-2020-16845Aug 6, 2020affected < 1.13.15-2.6fixed 1.13.15-2.6
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
- CVE-2020-14039Jul 17, 2020affected < 1.13.15-2.6fixed 1.13.15-2.6
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
- CVE-2020-15586Jul 17, 2020affected < 1.13.15-2.6fixed 1.13.15-2.6
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
- CVE-2019-17596Oct 24, 2019affected < 1.13.15-2.6fixed 1.13.15-2.6
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
- CVE-2019-16276Sep 30, 2019affected < 1.13.15-2.6fixed 1.13.15-2.6
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.