rpm package
suse/go1.18-openssl&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28131 | Hig | 7.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Aug 10, 2022 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | |
| CVE-2022-1962 | Med | 5.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Aug 10, 2022 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | |
| CVE-2022-1705 | Med | 6.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Aug 10, 2022 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | |
| CVE-2022-30634 | Hig | 7.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Jul 15, 2022 | Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | |
| CVE-2022-29526 | Med | 5.3 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Jun 23, 2022 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | |
| CVE-2022-28327 | Hig | 7.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Apr 20, 2022 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | |
| CVE-2022-27536 | Hig | 7.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Apr 20, 2022 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | |
| CVE-2022-24675 | Hig | 7.5 | < 1.18.10.1-150000.1.9.1 | 1.18.10.1-150000.1.9.1 | Apr 20, 2022 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. |
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
- affected < 1.18.10.1-150000.1.9.1fixed 1.18.10.1-150000.1.9.1
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Page 2 of 2