CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30580 – Empty Cmd.Path can trigger unintended binary in os/exec on Windows
https://notcve.org/view.php?id=CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. Una inyección de código en el archivo Cmd.Start en os/exec versiones anteriores a Go 1.17.11 y Go 1.18.3, permite una ejecución de cualquier binario en el directorio de trabajo llamado "..com" o "..exe" llamando a Cmd.Run, Cmd.Start, Cmd.Output o Cmd.CombinedOutput cuando Cmd.Path no está establecido • https://go.dev/cl/403759 https://go.dev/issue/52574 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ https://pkg.go.dev/vuln/GO-2022-0532 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32189 – Panic when decoding Float and Rat types in math/big
https://notcve.org/view.php?id=CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. Un mensaje codificado demasiado corto puede causar un pánico en Float.GobDecode y Rat GobDecode en math/big en Go versiones anteriores a 1.17.13 y 1.18.5, permitiendo potencialmente una denegación de servicio An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability. • https://go.dev/cl/417774 https://go.dev/issue/53871 https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66 https://groups.google.com/g/golang-announce/c/YqYYG87xB10 https://pkg.go.dev/vuln/GO-2022-0537 https://access.redhat.com/security/cve/CVE-2022-32189 https://bugzilla.redhat.com/show_bug.cgi?id=2113814 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-30629 – Session tickets lack random ticket_age_add in crypto/tls
https://notcve.org/view.php?id=CVE-2022-30629
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. Valores no aleatorios para la función ticket_age_add en los tickets de sesión en crypto/tls versiones anteriores a Go 1.17.11 y Go 1.18.3, permiten a un atacante que pueda observar los handshakes TLS correlacionar conexiones sucesivas comparando las edades de los tickets durante la reanudación de la sesión A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption. • https://go.dev/cl/405994 https://go.dev/issue/52814 https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ https://pkg.go.dev/vuln/GO-2022-0531 https://access.redhat.com/security/cve/CVE-2022-30629 https://bugzilla.redhat.com/show_bug.cgi?id=2092793 • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29804 – Path traversal via Clean on Windows in path/filepath
https://notcve.org/view.php?id=CVE-2022-29804
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. En filepath.Clean en path/filepath en Go versiones anteriores a 1.17.11 y en 1.18.x antes de 1.18.3 en Windows, las rutas inválidas como .\c: podían convertirse en rutas válidas (como c: en este ejemplo). • https://go.dev/cl/401595 https://go.dev/issue/52476 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ https://pkg.go.dev/vuln/GO-2022-0533 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1705 – Improper sanitization of Transfer-Encoding headers in net/http
https://notcve.org/view.php?id=CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. La aceptación de algunos encabezados Transfer-Encoding inválidas en el cliente HTTP/1 en net/http versiones anteriores a Go 1.17.12 y Go 1.18.4, permite un contrabando de peticiones HTTP si es combinado con un servidor intermedio que tampoco rechaza indebidamente el encabezado como no válido A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. • https://go.dev/cl/409874 https://go.dev/cl/410714 https://go.dev/issue/53188 https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://pkg.go.dev/vuln/GO-2022-0525 https://access.redhat.com/security/cve/CVE-2022-1705 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •