VYPR

rpm package

suse/go1.16&distro=SUSE Enterprise Storage 7

pkg:rpm/suse/go1.16&distro=SUSE%20Enterprise%20Storage%207

Vulnerabilities (6)

  • CVE-2022-24921HigMar 5, 2022
    affected < 1.16.15-150000.1.46.1fixed 1.16.15-150000.1.46.1

    regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

  • CVE-2022-23806CriFeb 11, 2022
    affected < 1.16.14-1.43.1fixed 1.16.14-1.43.1

    Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

  • CVE-2022-23773HigFeb 11, 2022
    affected < 1.16.14-1.43.1fixed 1.16.14-1.43.1

    cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

  • CVE-2022-23772HigFeb 11, 2022
    affected < 1.16.14-1.43.1fixed 1.16.14-1.43.1

    Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

  • CVE-2021-44717MedJan 1, 2022
    affected < 1.16.12-1.37.2fixed 1.16.12-1.37.2

    Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

  • CVE-2021-44716HigJan 1, 2022
    affected < 1.16.12-1.37.2fixed 1.16.12-1.37.2

    net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.