Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang http2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an malicious user to cause a panic due to stack exhaustion via deeply nested types or declarations.
Golang Go
NA
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows malicious user to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Golang Go
Netapp Cloud Insights Telegraf Agent -
446
VMScore
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
445
VMScore
CVE-2022-24675
encoding/pem in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Kubernetes Monitoring Operator -
1 Github repository
383
VMScore
CVE-2022-27191
The golang.org/x/crypto/ssh package prior to 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an malicious user to crash a server in certain circumstances involving AddHostKey.
Golang Ssh
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Redhat Advanced Cluster Management For Kubernetes 2.0
1 Github repository
445
VMScore
CVE-2022-24921
regexp.Compile in Go prior to 1.16.15 and 1.17.x prior to 1.17.8 allows stack exhaustion via a deeply nested expression.
Golang Go
Netapp Astra Trident -
Debian Debian Linux 9.0
1 Github repository
696
VMScore
CVE-2022-23772
Rat.SetString in math/big in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
5 Github repositories
446
VMScore
CVE-2022-23773
cmd/go in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
4 Github repositories
571
VMScore
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
3 Github repositories
446
VMScore
CVE-2021-39293
In archive/zip in Go prior to 1.16.8 and 1.17.x prior to 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
Golang Go
Netapp Cloud Insights Telegraf -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29824
CVE-2024-30095
CVE-2024-30104
client side
CVE-2024-5840
CVE-2024-34405
unprivileged
wireless
CVE-2024-4577
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »