Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-28327

Published: 20/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Go

Vulnerability Summary

The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

golang go

fedoraproject fedora 34

fedoraproject extra packages for enterprise linux 8.0

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject extra packages for enterprise linux 7.0

Vendor Advisories

Amazon Linux AMI: ALAS-2022-1635
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Red Hat:
The generic P-256 feature in crypto/elliptic in Go before 1179 and 118x before 1181 allows a panic via long scalar input ...
Red Hat: Moderate: Red Hat Service Interconnect 1.4 Release security update
Synopsis Moderate: Red Hat Service Interconnect 14 Release security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic This is release 14 of the rpms for Red Hat Service Interconnect Red Hat Service Interconnect 14 ...
Red Hat: Important: Node Health Check Operator 0.3.1 security update
Synopsis Important: Node Health Check Operator 031 security update Type/Severity Security Advisory: Important Topic An update for node-healthcheck-operator-bundle-container and node-healthcheck-operator-container is now available for Node Healthcheck Operator 03 for RHEL 8 This Operator is delivered by Red Hat Workload AvailabilityRed Ha ...
Red Hat: Moderate: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)
Synopsis Moderate: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates) Type/Severity Security Advisory: Moderate Topic Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updatesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Red Hat: Moderate: OpenShift Container Platform 4.10.28 packages and security update
Synopsis Moderate: OpenShift Container Platform 41028 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41028 is now available withupdates to pack ...
Red Hat: Important: Red Hat OpenShift Enterprise security update
Synopsis Important: Red Hat OpenShift Enterprise security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41144 is now available with updates to packages and images th ...
Red Hat: Moderate: OpenShift Container Platform 4.11.0 packages and security update
Synopsis Moderate: OpenShift Container Platform 4110 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packag ...
Red Hat: Important: Release of OpenShift Serverless Client kn 1.24.0
Synopsis Important: Release of OpenShift Serverless Client kn 1240 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Release of OpenShift Serverless Client kn 1240Red Hat Product Security has rated this update as having ...
Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.1.5 security update
Synopsis Moderate: Red Hat OpenShift Service Mesh 215 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Service Mesh 215Red Hat Product Security has rated this update as having a securit ...
Red Hat: Moderate: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement & bugfix update
Synopsis Moderate: Red Hat OpenShift Data Foundation 4110 security, enhancement & bugfix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated packages that include numerous enhancements, security, and bug f ...
Red Hat: Important: Red Hat Ceph Storage 6.1 Container security and bug fix update
Synopsis Important: Red Hat Ceph Storage 61 Container security and bug fix update Type/Severity Security Advisory: Important Topic A new container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem CatalogRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Red Hat: Important: Red Hat OpenShift Service Mesh 2.1.3 Containers security update
Synopsis Important: Red Hat OpenShift Service Mesh 213 Containers security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh 213Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Red Hat: Moderate: OpenShift Container Platform 4.10.26 security update
Synopsis Moderate: OpenShift Container Platform 41026 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41026 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Plat ...
Red Hat: Important: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update
Synopsis Important: Secondary Scheduler Operator for Red Hat OpenShift 110 security update Type/Severity Security Advisory: Important Topic Secondary Scheduler Operator for Red Hat OpenShift 110Red Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update
Synopsis Moderate: OpenShift API for Data Protection (OADP) 110 security and bug fix update Type/Severity Security Advisory: Moderate Topic OpenShift API for Data Protection (OADP) 110 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update
Synopsis Important: OpenShift Virtualization 4110 Images security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update
Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 173 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 173 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update
Synopsis Moderate: OpenShift Container Platform 4110 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Synopsis Important: Red Hat OpenShift Data Foundation 4110 security, enhancement, & bugfix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4110 on Red Hat Enterprise Linux 8Red Hat Product Securit ...
Red Hat: Moderate: OpenShift Jenkins image and Jenkins agent base image security update
Synopsis Moderate: OpenShift Jenkins image and Jenkins agent base image security update Type/Severity Security Advisory: Moderate Topic Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base imageRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring Sys ...
Red Hat: Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
Synopsis Moderate: go-toolset-117 and go-toolset-117-golang security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for go-toolset-117 and go-toolset-117-golang is now available for Red Ha ...
Red Hat: Important: Release of OpenShift Serverless 1.24.0
Synopsis Important: Release of OpenShift Serverless 1240 Type/Severity Security Advisory: Important Topic Release of OpenShift Serverless 1240The References section contains CVE links providing detailed severity ratingsfor each vulnerability Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score Description Versio ...
Red Hat: Moderate: RHACS 3.72 enhancement and security update
Synopsis Moderate: RHACS 372 enhancement and security update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS) The updated image includes new features and bug fixesRed Hat Product Security has rated this update as having a security impact of Moderat ...
Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update
Synopsis Moderate: OpenShift Virtualization 4111 security and bug fix update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Virtualization release 4111 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impac ...
Amazon Linux 2: ALAS2-2022-1847
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2DOCKER-2022-020
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1846
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1862
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1863
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1861
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1858
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1859
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALASGOLANG1.19-2023-002
An out of bounds read vulnerability was found in debug/macho of the Go standard library When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols An attacker can use this vulnerability ...
Amazon Linux 2: ALAS2-2022-1830
A null pointer dereference vulnerability was found in golang When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic resulting in a denial of service The highest threat from this vulnera ...
Amazon Linux 2: ALAS2-2022-1864
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1865
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1860
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2022: ALAS2022-2022-192
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2022: ALAS2022-2022-140
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2022: ALAS2022-2022-133
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...

ICS Advisories

Siemens Brownfield Connectivity Gateway
Critical Infrastructure Sectors: Critical Manufacturing

References

NVD-CWE-noinfohttps://groups.google.com/g/golang-announcehttps://groups.google.com/g/golang-announce/c/oecdBNLOml8https://security.gentoo.org/glsa/202208-02https://security.netapp.com/advisory/ntap-20220915-0010/https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2022-1635.htmlhttps://www.cisa.gov/uscert/ics/advisories/icsa-23-047-04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook