Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
7.5
CVSSv3
CVE-2022-27664
In net/http in Go prior to 1.18.6 and 1.19.x prior to 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Golang Go 1.19.0
Golang Go
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
5.9
CVSSv3
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go prior to 1.7.6 and 1.8.x prior to 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar i...
Golang Go 1.8
Golang Go 1.8.1
Golang Go
Fedoraproject Fedora 25
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 42.2
1 Github repository
7.5
CVSSv3
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
Golang Text
6.1
CVSSv3
CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to...
Golang Go
7.5
CVSSv3
CVE-2023-39322
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
Golang Go
5.3
CVSSv3
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of d...
Golang Go
6.1
CVSSv3
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Golang Networking
1 Github repository
7.5
CVSSv3
CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 Mi...
Golang Go
7.5
CVSSv3
CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy s...
Golang Go
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »