rpm package
suse/go1.17&distro=SUSE Linux Enterprise Module for Development Tools 15 SP3
pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23772 | Hig | 7.5 | < 1.17.7-1.20.1 | 1.17.7-1.20.1 | Feb 11, 2022 | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | |
| CVE-2021-39293 | Hig | 7.5 | < 1.17.1-1.3.1 | 1.17.1-1.3.1 | Jan 24, 2022 | In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | |
| CVE-2021-44717 | Med | 4.8 | < 1.17.5-1.14.2 | 1.17.5-1.14.2 | Jan 1, 2022 | Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |
| CVE-2021-44716 | Hig | 7.5 | < 1.17.5-1.14.2 | 1.17.5-1.14.2 | Jan 1, 2022 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | |
| CVE-2021-41772 | Hig | 7.5 | < 1.17.3-1.9.1 | 1.17.3-1.9.1 | Nov 8, 2021 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | |
| CVE-2021-41771 | Hig | 7.5 | < 1.17.3-1.9.1 | 1.17.3-1.9.1 | Nov 8, 2021 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | |
| CVE-2021-38297 | Cri | 9.8 | < 1.17.2-1.6.2 | 1.17.2-1.6.2 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
- affected < 1.17.7-1.20.1fixed 1.17.7-1.20.1
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
- affected < 1.17.1-1.3.1fixed 1.17.1-1.3.1
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
- affected < 1.17.5-1.14.2fixed 1.17.5-1.14.2
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
- affected < 1.17.5-1.14.2fixed 1.17.5-1.14.2
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
- affected < 1.17.3-1.9.1fixed 1.17.3-1.9.1
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
- affected < 1.17.3-1.9.1fixed 1.17.3-1.9.1
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
- affected < 1.17.2-1.6.2fixed 1.17.2-1.6.2
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
Page 2 of 2