rpm package
suse/go1.17&distro=SUSE Linux Enterprise Module for Development Tools 15 SP3
pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23806 | — | | | < 1.17.7-1.20.1 | 1.17.7-1.20.1 | Feb 11, 2022 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. |
| CVE-2021-39293 | — | | | < 1.17.1-1.3.1 | 1.17.1-1.3.1 | Jan 24, 2022 | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. |
| CVE-2021-44717 | — | | | < 1.17.5-1.14.2 | 1.17.5-1.14.2 | Jan 1, 2022 | Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. |
| CVE-2021-44716 | — | | | < 1.17.5-1.14.2 | 1.17.5-1.14.2 | Jan 1, 2022 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. |
| CVE-2021-41772 | — | | | < 1.17.3-1.9.1 | 1.17.3-1.9.1 | Nov 8, 2021 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. |
| CVE-2021-41771 | — | | | < 1.17.3-1.9.1 | 1.17.3-1.9.1 | Nov 8, 2021 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. |
| CVE-2021-38297 | — | | | < 1.17.2-1.6.2 | 1.17.2-1.6.2 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
Page 2 of 2