CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-30629 – Session tickets lack random ticket_age_add in crypto/tls
https://notcve.org/view.php?id=CVE-2022-30629
04 Aug 2022 — Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. Valores no aleatorios para la función ticket_age_add en los tickets de sesión en crypto/tls versiones anteriores a Go 1.17.11 y Go 1.18.3, permiten a un atacante que pueda observar los handshakes TLS correlacionar conexiones sucesivas comparando las edades de los tickets ... • https://go.dev/cl/405994 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30630 – Stack exhaustion in Glob on certain paths in io/fs
https://notcve.org/view.php?id=CVE-2022-30630
04 Aug 2022 — Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. Una recursión no controlada en Glob en io/fs versiones anteriores a Go 1.17.12 y Go 1.18.4, permite a un atacante causar un pánico debido al agotamiento de la pila por medio de una ruta que contenga un gran número de separadores de ruta A flaw was found in the golang standard library, io/fs. Calling Glob on a path tha... • https://go.dev/cl/417065 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30631 – Stack exhaustion when reading certain archives in compress/gzip
https://notcve.org/view.php?id=CVE-2022-30631
04 Aug 2022 — Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. Una recursión no controlada en el archivo Reader.Read en compress/gzip versiones anteriores a Go 1.17.12 y Go 1.18.4, permite a un atacante causar un pánico debido al agotamiento de la pila por medio de un archivo que contenga un gran número de archivos comprimidos de longitud 0 c... • https://go.dev/cl/417067 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30632 – Stack exhaustion on crafted paths in path/filepath
https://notcve.org/view.php?id=CVE-2022-30632
04 Aug 2022 — Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. Una recursión no controlada en Glob en path/filepath versiones anteriores a Go 1.17.12 y Go 1.18.4, permite a un atacante causar un pánico debido al agotamiento de la pila por medio de una ruta que contenga un gran número de separadores de ruta A flaw was found in golang. Calling Glob on a path that contains a lar... • https://go.dev/cl/417066 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30633 – Stack exhaustion when unmarshaling certain documents in encoding/xml
https://notcve.org/view.php?id=CVE-2022-30633
04 Aug 2022 — Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. Una recursión no controlada en Unmarshal en encoding/xml versiones anteriores a Go 1.17.12 y Go 1.18.4 permite a un atacante causar un pánico debido al agotamiento de la pila por medio de unmarshal de un documento XML en una estructura Go que presenta un campo ... • https://go.dev/cl/417061 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30635 – Stack exhaustion when decoding certain messages in encoding/gob
https://notcve.org/view.php?id=CVE-2022-30635
04 Aug 2022 — Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. Una recursión no controlada en el archivo Decoder.Decode en encoding/gob versiones anteriores a Go 1.17.12 y Go 1.18.4, permite a un atacante causar un pánico debido al agotamiento de la pila por medio de un mensaje que contiene estructuras profundamente anidadas A flaw was found in golang. When calling Dec... • https://go.dev/cl/417064 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-30634 – Indefinite hang with large buffers on Windows in crypto/rand
https://notcve.org/view.php?id=CVE-2022-30634
15 Jul 2022 — Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. Un bucle infinito en Read en crypto/rand versiones anteriores a Go 1.17.11 y Go 1.18.3 en Windows, permite a un atacante causar un cuelgue no definido pasando un buffer mayor de 1 << 32 - 1 bytes • https://go.dev/cl/402257 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1CVE-2022-29526 – golang: syscall: faccessat checks wrong group
https://notcve.org/view.php?id=CVE-2022-29526
22 Jun 2022 — Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. Go versiones anteriores a 1.17.10 y 1.18.x anteriores a 1.18.2, presenta una Asignación Incorrecta de Privilegios. Cuando es llamada con un parámetro flags distinto de cero, la función Faccessat podría informar incorrectamente de que un archivo es accesible A flaw was found in the syscall.Faccessat function when... • https://github.com/golang/go/issues/52313 • CWE-269: Improper Privilege Management CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-24675 – golang: encoding/pem: fix stack overflow in Decode
https://notcve.org/view.php?id=CVE-2022-24675
20 Apr 2022 — encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. encoding/pem en Go versiones anteriores a 1.17.9 y versiones 1.8.x anteriores a 1.8.1 tiene un desbordamiento de pila Decode a través de una gran cantidad de datos PEM. A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability. Red Hat Cep... • https://github.com/jfrog/jfrog-CVE-2022-24675 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27536 – Gentoo Linux Security Advisory 202208-02
https://notcve.org/view.php?id=CVE-2022-27536
20 Apr 2022 — Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. Certificate.Verify en crypto/x509 en Go versiones 1.18.x anteriores a 1.18.1, puede causar pánico en macOS cuando son presentados determinados certificados malformados. Esto permite que un servidor TLS remoto cause que un cliente TLS entre en pánico Multiple vulnerabilities have been found in Go, the w... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-295: Improper Certificate Validation •