CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22872 – Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
https://notcve.org/view.php?id=CVE-2025-22872
16 Apr 2025 — The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts). • https://go.dev/cl/662715 •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-22870 – HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
https://notcve.org/view.php?id=CVE-2025-22870
12 Mar 2025 — Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. • https://go.dev/cl/654697 • CWE-115: Misinterpretation of Input •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22868 – Unexpected memory consumption during token parsing in golang.org/x/oauth2
https://notcve.org/view.php?id=CVE-2025-22868
26 Feb 2025 — An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed ... • https://go.dev/cl/652155 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22869 – Potential denial of service in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2025-22869
26 Feb 2025 — SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange. ... • https://go.dev/cl/652135 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45338 – Non-linear parsing of case-insensitive content in golang.org/x/net/html
https://notcve.org/view.php?id=CVE-2024-45338
18 Dec 2024 — An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service. • https://go.dev/cl/637536 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.1EPSS: 34%CPEs: 1EXPL: 3CVE-2024-45337 – Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2024-45337
11 Dec 2024 — Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to i... • https://github.com/NHAS/CVE-2024-45337-POC • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30636 – Limited directory traversal vulnerability on Windows in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2022-30636
02 Jul 2024 — httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. • https://go.dev/cl/408694 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24792 – Panic when parsing invalid palette-color images in golang.org/x/image
https://notcve.org/view.php?id=CVE-2024-24792
27 Jun 2024 — Parsing a corrupt or malicious image with invalid color indices can cause a panic. • https://go.dev/cl/588115 •
CVSS: 7.8EPSS: 72%CPEs: 3EXPL: 1CVE-2023-45288 – HTTP/2 CONTINUATION flood in net/http
https://notcve.org/view.php?id=CVE-2023-45288
04 Apr 2024 — An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going... • https://github.com/hex0punk/cont-flood-poc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2010-4818 – X.org: multiple GLX input sanitization flaws
https://notcve.org/view.php?id=CVE-2010-4818
05 Sep 2012 — The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. La extensión GLX en X.Org xserver v1.7.7 permite a usuarios remotos autenticados provocar una denegación de servicio (caída del servidor) y posiblemente ejecutar código arbitrario a ... • http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f • CWE-20: Improper Input Validation •