CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-44716 – golang: net/http: limit growth of header canonicalization cache
https://notcve.org/view.php?id=CVE-2021-44716
16 Dec 2021 — net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. net/http en Go versiones anteriores a 1.16.12 y versiones 1.17.x anteriores a 1.17.5, permite un consumo no controlado de memoria en la caché de canonización del encabezado por medio de peticiones HTTP/2. There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39293 – golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
https://notcve.org/view.php?id=CVE-2021-39293
02 Dec 2021 — In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. En archive/zip en Go versiones anteriores a 1.16.8 y 1.17.x versiones anteriores a 1.17.1, un encabezado de archivo diseñada (designando falsamente que hay muchos archivos presentes) puede causar un pánico en NewReader o OpenReader. NOTA: este problema se pres... • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41772 – golang: archive/zip: Reader.Open panics on empty string
https://notcve.org/view.php?id=CVE-2021-41772
08 Nov 2021 — Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. Go versiones anteriores a 1.16.10 y 1.17.x versiones anteriores a 1.17.3, permite un pánico de archivo/zip Reader.Open por medio de un archivo ZIP diseñado que contiene un nombre no válido o un campo filename vacío A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementi... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41771 – golang: debug/macho: invalid dynamic symbol table command can cause panic
https://notcve.org/view.php?id=CVE-2021-41771
08 Nov 2021 — ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. ImportedSymbols en debug/macho (para Open u OpenFat) en Go versiones anteriores a 1.16.10 y 1.17.x versiones anteriores a 1.17.3, Accede a una Ubicación de Memoria Después del Final de un Búfer, también se conoce como una situación de "out-of-bounds slice" An out of bounds read vulnerability was found in debug/macho of ... • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 2CVE-2021-38297 – golang: Command-line arguments may overwrite global data
https://notcve.org/view.php?id=CVE-2021-38297
18 Oct 2021 — Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. Go versiones anteriores a 1.16.9 y versiones 1.17.x anteriores a 1.17.2, presenta un Desbordamiento de Búfer por medio de argumentos grandes en una invocación de función desde un módulo WASM, cuando GOARCH=wasm GOOS=js es usado A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM (WebAss... • https://github.com/gkrishnan724/CVE-2021-38297 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •