CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32189 – Panic when decoding Float and Rat types in math/big
https://notcve.org/view.php?id=CVE-2022-32189
04 Aug 2022 — A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. Un mensaje codificado demasiado corto puede causar un pánico en Float.GobDecode y Rat GobDecode en math/big en Go versiones anteriores a 1.17.13 y 1.18.5, permitiendo potencialmente una denegación de servicio An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDec... • https://go.dev/cl/417774 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-30634 – Indefinite hang with large buffers on Windows in crypto/rand
https://notcve.org/view.php?id=CVE-2022-30634
15 Jul 2022 — Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. Un bucle infinito en Read en crypto/rand versiones anteriores a Go 1.17.11 y Go 1.18.3 en Windows, permite a un atacante causar un cuelgue no definido pasando un buffer mayor de 1 << 32 - 1 bytes • https://go.dev/cl/402257 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1CVE-2022-29526 – golang: syscall: faccessat checks wrong group
https://notcve.org/view.php?id=CVE-2022-29526
22 Jun 2022 — Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. Go versiones anteriores a 1.17.10 y 1.18.x anteriores a 1.18.2, presenta una Asignación Incorrecta de Privilegios. Cuando es llamada con un parámetro flags distinto de cero, la función Faccessat podría informar incorrectamente de que un archivo es accesible A flaw was found in the syscall.Faccessat function when... • https://github.com/golang/go/issues/52313 • CWE-269: Improper Privilege Management CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2022-24675 – golang: encoding/pem: fix stack overflow in Decode
https://notcve.org/view.php?id=CVE-2022-24675
20 Apr 2022 — encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. encoding/pem en Go versiones anteriores a 1.17.9 y versiones 1.8.x anteriores a 1.8.1 tiene un desbordamiento de pila Decode a través de una gran cantidad de datos PEM. A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability. Red Hat Cep... • https://github.com/jfrog/jfrog-CVE-2022-24675 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-28327 – golang: crypto/elliptic: panic caused by oversized scalar
https://notcve.org/view.php?id=CVE-2022-28327
20 Apr 2022 — The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. La característica genérica P-256 en crypto/elliptic en Go versiones anteriores a 1.17.9 y versiones 1.18.x anteriores a 1.18.1, permite un pánico por medio de una entrada escalar larga An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBase... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2022-24921 – golang: regexp: stack exhaustion via a deeply nested expression
https://notcve.org/view.php?id=CVE-2022-24921
05 Mar 2022 — regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. El archivo regexp.Compile en Go versiones anteriores a 1.16.15 y versiones 1.17.x anteriores a 1.17.8, permite un agotamiento de la pila por medio de una expresión profundamente anidada A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient ... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 3CVE-2022-23773 – golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
https://notcve.org/view.php?id=CVE-2022-23773
11 Feb 2022 — cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. cmd/go en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede malinterpretar nombres de rama que falsamente parecen ser etiquetas de versión. Esto puede conllevar a un control de acceso incorrecto si supone que un actor puede crear ramas pero no etiqu... • https://github.com/danbudris/CVE-2022-23773-repro • CWE-436: Interpretation Conflict CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23772 – golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
https://notcve.org/view.php?id=CVE-2022-23772
11 Feb 2022 — Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. Rat.SetString en el archivo math/big en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, presenta un desbordamiento que puede conllevar a un Consumo de Memoria no Controlado A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. Thi... • https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2022-23806 – golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
https://notcve.org/view.php?id=CVE-2022-23806
11 Feb 2022 — Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. Curve.IsOnCurve en crypto/elliptic en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede devolver incorrectamente true en situaciones con un valor big.Int que no es un elemento de campo válido A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could retu... • https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ • CWE-252: Unchecked Return Value •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2CVE-2021-23772 – Arbitrary File Write
https://notcve.org/view.php?id=CVE-2021-23772
24 Dec 2021 — This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. Esto afecta a todas las versiones del paquete github.com/kataras/iris; todas las versiones del paquete github.com/kataras/iris/v12. Un manejo no seguro de los nombres de archivo durante la carga usando el método UploadFormFiles p... • https://github.com/kataras/iris/commit/e213dba0d32ff66653e0ef124bc5088817264b08 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •