CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41720 – Restricted file access on Windows in os and net/http
https://notcve.org/view.php?id=CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. • https://go.dev/cl/455716 https://go.dev/issue/56694 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://pkg.go.dev/vuln/GO-2022-1143 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41716 – Unsanitized NUL in environment variables on Windows in syscall and os/exec
https://notcve.org/view.php?id=CVE-2022-41716
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". Debido a valores NUL no sanitizados, los atacantes pueden configurar variables de entorno de forma maliciosa en Windows. • https://go.dev/cl/446916 https://go.dev/issue/56284 https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ https://pkg.go.dev/vuln/GO-2022-1095 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2879 – Unbounded memory consumption when reading headers in archive/tar
https://notcve.org/view.php?id=CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. Reader.Read no establece un límite en el tamaño máximo de los encabezados de los archivos. Un archivo diseñado de forma maliciosa podía causar que Read asignara cantidades ilimitadas de memoria, causando potencialmente el agotamiento de los recursos o el pánico. • https://go.dev/cl/439355 https://go.dev/issue/54853 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU https://pkg.go.dev/vuln/GO-2022-1037 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2022-2879 https://bugzilla.redhat.com/show_bug.cgi?id=2132867 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2880 – Incorrect sanitization of forwarded query parameters in net/http/httputil
https://notcve.org/view.php?id=CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. • https://go.dev/cl/432976 https://go.dev/issue/54663 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU https://pkg.go.dev/vuln/GO-2022-1038 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2022-2880 https://bugzilla.redhat.com/show_bug.cgi?id=2132868 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41715 – Memory exhaustion when compiling regular expressions in regexp/syntax
https://notcve.org/view.php?id=CVE-2022-41715
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. • https://go.dev/cl/439356 https://go.dev/issue/55949 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU https://pkg.go.dev/vuln/GO-2022-1039 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2022-41715 https://bugzilla.redhat.com/show_bug.cgi?id=2132872 •