rpm package
suse/go1.18&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4
pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28131 | Hig | 7.5 | < 1.18.5-150000.1.25.1 | 1.18.5-150000.1.25.1 | Aug 10, 2022 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | |
| CVE-2022-1962 | Med | 5.5 | < 1.18.5-150000.1.25.1 | 1.18.5-150000.1.25.1 | Aug 10, 2022 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | |
| CVE-2022-1705 | Med | 6.5 | < 1.18.5-150000.1.25.1 | 1.18.5-150000.1.25.1 | Aug 10, 2022 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | |
| CVE-2022-30634 | Hig | 7.5 | < 1.18.3-150000.1.20.1 | 1.18.3-150000.1.20.1 | Jul 15, 2022 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | |
| CVE-2022-29526 | Med | 5.3 | < 1.18.2-150000.1.17.1 | 1.18.2-150000.1.17.1 | Jun 23, 2022 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. |
- affected < 1.18.5-150000.1.25.1fixed 1.18.5-150000.1.25.1
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
- affected < 1.18.5-150000.1.25.1fixed 1.18.5-150000.1.25.1
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
- affected < 1.18.5-150000.1.25.1fixed 1.18.5-150000.1.25.1
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
- affected < 1.18.3-150000.1.20.1fixed 1.18.3-150000.1.20.1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
- affected < 1.18.2-150000.1.17.1fixed 1.18.2-150000.1.17.1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Page 2 of 2