Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-33194
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows malicious users to cause a denial of service (infinite loop) via crafted ParseFragment input.
Golang Go
Fedoraproject Fedora 36
NA
CVE-2022-40764
Snyk CLI prior to 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shel...
Snyk Cli
Snyk Golang Cli
NA
CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the malici...
Golang Http2
Golang Go
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Netapp Astra Trident -
Netapp Astra Trident Autosupport -
2 Github repositories
5
CVSSv2
CVE-2021-39293
In archive/zip in Go prior to 1.16.8 and 1.17.x prior to 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
Golang Go
Netapp Cloud Insights Telegraf -
7.5
CVSSv2
CVE-2019-14809
net/url in Go prior to 1.11.13 and 1.12.x prior to 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port nu...
Golang Go
Debian Debian Linux 10.0
5.8
CVSSv2
CVE-2021-44717
Go prior to 1.16.12 and 1.17.x prior to 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Golang Go
Debian Debian Linux 9.0
5
CVSSv2
CVE-2021-33196
In archive/zip in Go prior to 1.15.13 and 1.16.x prior to 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
Golang Go
Debian Debian Linux 9.0
NA
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows malicious user to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Golang Go
Netapp Cloud Insights Telegraf Agent -
7.5
CVSSv2
CVE-2021-33195
Go prior to 1.15.13 and 1.16.x prior to 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Golang Go
Netapp Cloud Insights Telegraf Agent -
NA
CVE-2023-29407
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
Golang Image
Fedoraproject Fedora 37
Fedoraproject Fedora 38
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »