rpm package
suse/go1.18&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4
pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30632 | — | < 1.18.5-150000.1.25.1 | 1.18.5-150000.1.25.1 | Aug 9, 2022 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | ||
| CVE-2022-29804 | — | < 1.18.3-150000.1.20.1 | 1.18.3-150000.1.20.1 | Aug 9, 2022 | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | ||
| CVE-2022-28131 | — | < 1.18.5-150000.1.25.1 | 1.18.5-150000.1.25.1 | Aug 9, 2022 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | ||
| CVE-2022-30634 | — | < 1.18.3-150000.1.20.1 | 1.18.3-150000.1.20.1 | Jul 15, 2022 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | ||
| CVE-2022-29526 | — | < 1.18.2-150000.1.17.1 | 1.18.2-150000.1.17.1 | Jun 22, 2022 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. |
- CVE-2022-30632Aug 9, 2022affected < 1.18.5-150000.1.25.1fixed 1.18.5-150000.1.25.1
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
- CVE-2022-29804Aug 9, 2022affected < 1.18.3-150000.1.20.1fixed 1.18.3-150000.1.20.1
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
- CVE-2022-28131Aug 9, 2022affected < 1.18.5-150000.1.25.1fixed 1.18.5-150000.1.25.1
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
- CVE-2022-30634Jul 15, 2022affected < 1.18.3-150000.1.20.1fixed 1.18.3-150000.1.20.1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
- CVE-2022-29526Jun 22, 2022affected < 1.18.2-150000.1.17.1fixed 1.18.2-150000.1.17.1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Page 2 of 2