rpm package
suse/go1.18&distro=SUSE Linux Enterprise Module for Development Tools 15 SP3
pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30634 | — | < 1.18.3-150000.1.20.1 | 1.18.3-150000.1.20.1 | Jul 15, 2022 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | ||
| CVE-2022-29526 | — | < 1.18.2-150000.1.17.1 | 1.18.2-150000.1.17.1 | Jun 22, 2022 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | ||
| CVE-2022-28327 | — | < 1.18.1-150000.1.11.1 | 1.18.1-150000.1.11.1 | Apr 20, 2022 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | ||
| CVE-2022-27536 | — | < 1.18.1-150000.1.11.1 | 1.18.1-150000.1.11.1 | Apr 20, 2022 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | ||
| CVE-2022-24675 | — | < 1.18.1-150000.1.11.1 | 1.18.1-150000.1.11.1 | Apr 20, 2022 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. |
- CVE-2022-30634Jul 15, 2022affected < 1.18.3-150000.1.20.1fixed 1.18.3-150000.1.20.1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
- CVE-2022-29526Jun 22, 2022affected < 1.18.2-150000.1.17.1fixed 1.18.2-150000.1.17.1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
- CVE-2022-28327Apr 20, 2022affected < 1.18.1-150000.1.11.1fixed 1.18.1-150000.1.11.1
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
- CVE-2022-27536Apr 20, 2022affected < 1.18.1-150000.1.11.1fixed 1.18.1-150000.1.11.1
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
- CVE-2022-24675Apr 20, 2022affected < 1.18.1-150000.1.11.1fixed 1.18.1-150000.1.11.1
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Page 2 of 2