rpm package
suse/go1.18-openssl&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30632 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Aug 9, 2022 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. |
| CVE-2022-29804 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Aug 9, 2022 | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. |
| CVE-2022-28131 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Aug 9, 2022 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. |
| CVE-2022-30634 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Jul 15, 2022 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. |
| CVE-2022-29526 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Jun 22, 2022 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. |
| CVE-2022-28327 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Apr 20, 2022 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. |
| CVE-2022-27536 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Apr 20, 2022 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. |
| CVE-2022-24675 | — | | | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Apr 20, 2022 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. |
Page 2 of 2