Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang crypto vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2022-23772
Rat.SetString in math/big in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
5 Github repositories
7.8
CVSSv2
CVE-2020-7919
Go prior to 1.12.16 and 1.13.x prior to 1.13.7 (and the crypto/cryptobyte package prior to 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
Golang Go
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Netapp Cloud Insights Telegraf -
7.8
CVSSv2
CVE-2018-16875
The crypto/x509 package of Go prior to 1.10.6 and 1.11.x prior to 1.11.3 does not limit the amount of work performed for each chain verification, which might allow malicious users to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client cer...
Golang Go
Opensuse Leap 42.3
1 Github repository
7.5
CVSSv2
CVE-2021-38297
Go prior to 1.16.9 and 1.17.x prior to 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
2 Github repositories
7.5
CVSSv2
CVE-2021-33195
Go prior to 1.15.13 and 1.16.x prior to 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Golang Go
Netapp Cloud Insights Telegraf Agent -
6.8
CVSSv2
CVE-2018-16873
In Go prior to 1.10.6 and 1.11.x prior to 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vuln...
Golang Go
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Linux Enterprise Server 12
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
1 Github repository
6.8
CVSSv2
CVE-2018-16874
In Go prior to 1.10.6 and 1.11.x prior to 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is on...
Golang Go
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Linux Enterprise Server 12
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
6.4
CVSSv2
CVE-2022-1996
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
Go-restful Project Go-restful
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
6.4
CVSSv2
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »