Search CVE reports

Toggle filters

11 – 19 of 19 results

CVE-2022-41723

Medium priority

Some fixes available 12 of 31

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

16 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Vulnerable Not in release Not in release
google-guest-agent Fixed Fixed Fixed Vulnerable
containerd Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.16 Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Fixed Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release
golang-1.21 Not affected Not affected Not affected Not in release
Show all 16 packages Show less packages

CVE-2022-41721

Medium priority
Ignored

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead...

2 affected packages

golang-golang-x-net, google-guest-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not in release Not in release
google-guest-agent Not affected Not affected Not affected
Show less packages

CVE-2022-27664

Medium priority

Some fixes available 17 of 34

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

14 affected packages

golang-1.13, golang-1.14, golang-1.16, golang-1.17, golang-1.18...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.14 Not in release Vulnerable Not in release
golang-1.16 Not in release Fixed Fixed
golang-1.17 Vulnerable Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Vulnerable
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Vulnerable
golang-golang-x-net Not affected Vulnerable Not in release Not in release
google-guest-agent Fixed Fixed Fixed Needs evaluation
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation
Show all 14 packages Show less packages

CVE-2022-29583

Medium priority
Ignored

service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by...

2 affected packages

golang-github-kardianos-service, google-guest-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-kardianos-service Not affected Not affected Not in release
google-guest-agent Not affected Not affected Not affected
Show less packages

CVE-2021-44716

Medium priority

Some fixes available 7 of 23

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.17, golang-1.7, golang-1.8, golang-golang-x-net...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.17 Not in release Vulnerable Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-golang-x-net Not affected Not affected Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
google-guest-agent Fixed Fixed Fixed Vulnerable
golang-1.15 Not in release Not in release
Show all 8 packages Show less packages

CVE-2021-31525

Low priority
Needs evaluation

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.15 Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-golang-x-net Not affected Not affected Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation
google-guest-agent Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-33194

Medium priority
Needs evaluation

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

3 affected packages

golang-golang-x-net-dev, google-guest-agent, golang-golang-x-net

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation
google-guest-agent Not affected Not affected Not affected Not affected
golang-golang-x-net Needs evaluation Needs evaluation Not in release Not in release
Show less packages

CVE-2020-28852

Low priority

Some fixes available 3 of 9

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

3 affected packages

google-guest-agent, golang-x-text, golang-golang-x-text

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
google-guest-agent Not affected Not affected Not affected Not affected
golang-x-text Not in release Not in release Vulnerable Fixed
golang-golang-x-text Not affected Not affected Fixed Not in release
Show less packages

CVE-2020-28851

Low priority

Some fixes available 3 of 10

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

3 affected packages

google-guest-agent, golang-x-text, golang-golang-x-text

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
google-guest-agent Not affected Not affected Not affected Not affected
golang-x-text Not in release Not in release Vulnerable Fixed
golang-golang-x-text Not affected Not affected Fixed Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. Next page
Export to JSON