golang.org x net vulnerabilities and exploits

(subscribe to this query)

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

Golang.org/x/net Golang.org/x/net/http/httpproxy Golang.org/x/net Golang.org/x/net/proxy

1 Github repository

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Golang.org/x/net Golang.org/x/net/html

4 Github repositories

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows malicious users to cause a denial of service (infinite loop) via crafted ParseFragment input.

Golang Go Fedoraproject Fedora 36

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...

Openbsd Openssh Putty Putty Filezilla-project Filezilla Client Microsoft Powershell Panic Transmit 5 Panic Nova Roumenpetrov Pkixssh Winscp Winscp Bitvise Ssh Client Bitvise Ssh Server Lancom-systems Lcos Lancom-systems Lcos Fx -

9 Github repositories1 Article

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux v...

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one p...

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux v...

The x/crypto/ssh package prior to 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an malicious user to panic an SSH server.

1 Github repository

Go prior to 1.12.11 and 1.3.x prior to 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Golang Go Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Redhat Developer Tools 1.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Server 8.1 Opensuse Leap 15.0 Opensuse Leap 15.1 Arista Cloudvision Portal Arista Cloudvision Portal 2019.1.0

1 Github repository

Go prior to 1.12.16 and 1.13.x prior to 1.13.7 (and the crypto/cryptobyte package prior to 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Golang Go Debian Debian Linux 10.0 Fedoraproject Fedora 31 Netapp Cloud Insights Telegraf -

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook