CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30636 – Limited directory traversal vulnerability on Windows in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2022-30636
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. • https://go.dev/cl/408694 https://go.dev/issue/53082 https://pkg.go.dev/vuln/GO-2024-2961 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24792 – Panic when parsing invalid palette-color images in golang.org/x/image
https://notcve.org/view.php?id=CVE-2024-24792
Parsing a corrupt or malicious image with invalid color indices can cause a panic. • https://go.dev/cl/588115 https://go.dev/issue/67624 https://pkg.go.dev/vuln/GO-2024-2937 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24789 – Mishandling of corrupt central directory record in archive/zip
https://notcve.org/view.php?id=CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. El manejo que hace el paquete archive/zip de ciertos tipos de archivos zip no válidos difiere del comportamiento de la mayoría de las implementaciones zip. Esta desalineación podría aprovecharse para crear un archivo zip con contenidos que varían según la implementación que lea el archivo. • http://www.openwall.com/lists/oss-security/2024/06/04/1 https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7 https://pkg.go.dev/vuln/GO-2024-2888 https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24790 – Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
https://notcve.org/view.php?id=CVE-2024-24790
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Los diversos métodos Is (IsPrivate, IsLoopback, etc.) no funcionaron como se esperaba para las direcciones IPv6 asignadas a IPv4, devolviendo falso para direcciones que devolverían verdadero en sus formas IPv4 tradicionales. A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data. • http://www.openwall.com/lists/oss-security/2024/06/04/1 https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://pkg.go.dev/vuln/GO-2024-2887 https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 • CWE-115: Misinterpretation of Input •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45288 – HTTP/2 CONTINUATION flood in net/http
https://notcve.org/view.php?id=CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. • http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT https://pkg.go.dev/vuln/GO-2024-2687 https://security.netapp.com/advisory/ntap-20240419-0009 https://access.redhat.com/security/ • CWE-400: Uncontrolled Resource Consumption •