
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Jun 2024 — The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. • http://www.openwall.com/lists/oss-security/2024/06/04/1 • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Jun 2024 — The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate... • http://www.openwall.com/lists/oss-security/2024/06/04/1 • CWE-115: Misinterpretation of Input

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Dec 2023 — ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If functions Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade. • https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor