    20 vulnerabilities found for cloud_insights_telegraf_agent by netapp

    CVE-2022-30634 (GCVE-0-2022-30634)

    Vulnerability from nvd – Published: 2022-07-15 19:36 – Updated: 2024-08-03 06:56
    Title
    Indefinite hang with large buffers on Windows in crypto/rand
    Summary
    Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
    Severity
    No CVSS data available.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Go
    Impacted products
    Vendor: Go standard library
    Product: crypto/rand
    Version: Affected: 0, < 1.17.11 (semver)
    Version: Affected: 1.18.0-0, < 1.18.3 (semver)
    Credits
    Davis Goodin; Quim Muntal of Microsoft

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:13.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/402257"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/52561"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-0477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/rand",
              "platforms": [
                "windows"
              ],
              "product": "crypto/rand",
              "programRoutines": [
                {
                  "name": "Read"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.17.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.3",
                  "status": "affected",
                  "version": "1.18.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Davis Goodin"
            },
            {
              "lang": "en",
              "value": "Quim Muntal of Microsoft"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:04:27.361Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/402257"
            },
            {
              "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863"
            },
            {
              "url": "https://go.dev/issue/52561"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-0477"
            }
          ],
          "title": "Indefinite hang with large buffers on Windows in crypto/rand"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-30634",
        "datePublished": "2022-07-15T19:36:19.000Z",
        "dateReserved": "2022-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:13.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23806 (GCVE-0-2022-23806)

    Vulnerability from nvd – Published: 2022-02-11 00:00 – Updated: 2024-08-03 03:51
    Summary
    Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              },
              {
                "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-19T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            },
            {
              "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23806",
        "datePublished": "2022-02-11T00:00:00.000Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23773 (GCVE-0-2022-23773)

    Vulnerability from nvd – Published: 2022-02-11 00:16 – Updated: 2024-08-03 03:51
    Summary
    cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.976Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:12:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-23773",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                  "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23773",
        "datePublished": "2022-02-11T00:16:08.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23772 (GCVE-0-2022-23772)

    Vulnerability from nvd – Published: 2022-02-11 00:11 – Updated: 2024-08-03 03:51
    Summary
    Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:08:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-23772",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
                },
                {
                  "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                  "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23772",
        "datePublished": "2022-02-11T00:11:15.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:46.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33195 (GCVE-0-2021-33195)

    Vulnerability from nvd – Published: 2021-08-02 18:51 – Updated: 2024-08-03 23:42
    Summary
    Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:07:31.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-33195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://groups.google.com/g/golang-announce",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce"
                },
                {
                  "name": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210902-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-33195",
        "datePublished": "2021-08-02T18:51:34.000Z",
        "dateReserved": "2021-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:20.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3115 (GCVE-0-2021-3115)

    Vulnerability from nvd – Published: 2021-01-26 02:14 – Updated: 2024-08-03 16:45
    Summary
    Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:45:51.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blog.golang.org/path-security"
              },
              {
                "name": "FEDORA-2021-e435a8bb88",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:09:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blog.golang.org/path-security"
            },
            {
              "name": "FEDORA-2021-e435a8bb88",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
                  "refsource": "CONFIRM",
                  "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
                },
                {
                  "name": "https://blog.golang.org/path-security",
                  "refsource": "CONFIRM",
                  "url": "https://blog.golang.org/path-security"
                },
                {
                  "name": "FEDORA-2021-e435a8bb88",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210219-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3115",
        "datePublished": "2021-01-26T02:14:51.000Z",
        "dateReserved": "2021-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:45:51.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3114 (GCVE-0-2021-3114)

    Vulnerability from nvd – Published: 2021-01-26 02:23 – Updated: 2024-08-03 16:45
    Summary
    In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:45:51.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
              },
              {
                "name": "FEDORA-2021-e435a8bb88",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
              },
              {
                "name": "DSA-4848",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4848"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:06:51.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
            },
            {
              "name": "FEDORA-2021-e435a8bb88",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
            },
            {
              "name": "DSA-4848",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4848"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3114",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
                  "refsource": "CONFIRM",
                  "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
                },
                {
                  "name": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
                },
                {
                  "name": "FEDORA-2021-e435a8bb88",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
                },
                {
                  "name": "DSA-4848",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4848"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210219-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3114",
        "datePublished": "2021-01-26T02:23:18.000Z",
        "dateReserved": "2021-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:45:51.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28366 (GCVE-0-2020-28366)

    Vulnerability from nvd – Published: 2020-11-18 00:00 – Updated: 2024-08-04 16:33
    Title
    Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
    Summary
    Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go toolchain cmd/go Affected: 0 , < 1.14.12 (semver)
    Affected: 1.15.0-0 , < 1.15.5 (semver)
    Go toolchain cmd/cgo Affected: 0 , < 1.14.12 (semver)
    Affected: 1.15.0-0 , < 1.15.5 (semver)
    Credits
    Chris Brown (Tempus Ex)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:58.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/269658"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/42559"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-0475"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "cmd/go",
              "product": "cmd/go",
              "programRoutines": [
                {
                  "name": "Builder.cgo"
                }
              ],
              "vendor": "Go toolchain",
              "versions": [
                {
                  "lessThan": "1.14.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.5",
                  "status": "affected",
                  "version": "1.15.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "cmd/cgo",
              "product": "cmd/cgo",
              "programRoutines": [
                {
                  "name": "dynimport"
                }
              ],
              "vendor": "Go toolchain",
              "versions": [
                {
                  "lessThan": "1.14.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.5",
                  "status": "affected",
                  "version": "1.15.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Brown (Tempus Ex)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:04:21.017Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/269658"
            },
            {
              "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"
            },
            {
              "url": "https://go.dev/issue/42559"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-0475"
            }
          ],
          "title": "Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2020-28366",
        "datePublished": "2020-11-18T00:00:00.000Z",
        "dateReserved": "2020-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:58.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28362 (GCVE-0-2020-28362)

    Vulnerability from nvd – Published: 2020-11-18 16:27 – Updated: 2024-08-04 16:33
    Summary
    Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Date Public
    2020-11-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:59.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
              },
              {
                "name": "FEDORA-2020-864922e78a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
              },
              {
                "name": "FEDORA-2020-e971480183",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-05T09:58:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
            },
            {
              "name": "FEDORA-2020-864922e78a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
            },
            {
              "name": "FEDORA-2020-e971480183",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-28362",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E"
                },
                {
                  "name": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI",
                  "refsource": "CONFIRM",
                  "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
                },
                {
                  "name": "FEDORA-2020-864922e78a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20201202-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
                },
                {
                  "name": "FEDORA-2020-e971480183",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
                },
                {
                  "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62",
                  "refsource": "MISC",
                  "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-28362",
        "datePublished": "2020-11-18T16:27:38.000Z",
        "dateReserved": "2020-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:59.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16276 (GCVE-0-2019-16276)

    Vulnerability from nvd – Published: 2019-09-30 18:40 – Updated: 2024-08-05 01:10
    Summary
    Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-09-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:10:41.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/34540"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
              },
              {
                "name": "FEDORA-2019-1b8cbd39ff",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
              },
              {
                "name": "FEDORA-2019-416d20f960",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
              },
              {
                "name": "FEDORA-2019-e99c1603c3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
              },
              {
                "name": "openSUSE-SU-2019:2522",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
              },
              {
                "name": "openSUSE-SU-2019:2521",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
              },
              {
                "name": "RHSA-2020:0101",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0101"
              },
              {
                "name": "RHSA-2020:0329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0329"
              },
              {
                "name": "RHSA-2020:0652",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0652"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-09-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-13T20:06:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/issues/34540"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
            },
            {
              "name": "FEDORA-2019-1b8cbd39ff",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
            },
            {
              "name": "FEDORA-2019-416d20f960",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
            },
            {
              "name": "FEDORA-2019-e99c1603c3",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
            },
            {
              "name": "openSUSE-SU-2019:2522",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2019:2521",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
            },
            {
              "name": "RHSA-2020:0101",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0101"
            },
            {
              "name": "RHSA-2020:0329",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0329"
            },
            {
              "name": "RHSA-2020:0652",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0652"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-16276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/golang/go/issues/34540",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/issues/34540"
                },
                {
                  "name": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
                },
                {
                  "name": "FEDORA-2019-1b8cbd39ff",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
                },
                {
                  "name": "FEDORA-2019-416d20f960",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
                },
                {
                  "name": "FEDORA-2019-e99c1603c3",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
                },
                {
                  "name": "openSUSE-SU-2019:2522",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
                },
                {
                  "name": "openSUSE-SU-2019:2521",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20191122-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
                },
                {
                  "name": "RHSA-2020:0101",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0101"
                },
                {
                  "name": "RHSA-2020:0329",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0329"
                },
                {
                  "name": "RHSA-2020:0652",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0652"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-16276",
        "datePublished": "2019-09-30T18:40:12.000Z",
        "dateReserved": "2019-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:10:41.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30634 (GCVE-0-2022-30634)

    Vulnerability from cvelistv5 – Published: 2022-07-15 19:36 – Updated: 2024-08-03 06:56
    Title
    Indefinite hang with large buffers on Windows in crypto/rand
    Summary
    Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
    Severity
    No CVSS data available.
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Go
    Impacted products
    Vendor: Go standard library
    Product: crypto/rand
    Version: Affected: 0, < 1.17.11 (semver); Affected: 1.18.0-0, < 1.18.3 (semver)
    Credits
    Davis Goodin; Quim Muntal of Microsoft

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:13.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/402257"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/52561"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-0477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "crypto/rand",
              "platforms": [
                "windows"
              ],
              "product": "crypto/rand",
              "programRoutines": [
                {
                  "name": "Read"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.17.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.3",
                  "status": "affected",
                  "version": "1.18.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Davis Goodin"
            },
            {
              "lang": "en",
              "value": "Quim Muntal of Microsoft"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:04:27.361Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/402257"
            },
            {
              "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863"
            },
            {
              "url": "https://go.dev/issue/52561"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-0477"
            }
          ],
          "title": "Indefinite hang with large buffers on Windows in crypto/rand"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2022-30634",
        "datePublished": "2022-07-15T19:36:19.000Z",
        "dateReserved": "2022-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:13.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23773 (GCVE-0-2022-23773)

    Vulnerability from cvelistv5 – Published: 2022-02-11 00:16 – Updated: 2024-08-03 03:51
    Summary
    cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.976Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:12:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-23773",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                  "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23773",
        "datePublished": "2022-02-11T00:16:08.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23772 (GCVE-0-2022-23772)

    Vulnerability from cvelistv5 – Published: 2022-02-11 00:11 – Updated: 2024-08-03 03:51
    Summary
    Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:08:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-23772",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
                },
                {
                  "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                  "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23772",
        "datePublished": "2022-02-11T00:11:15.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:46.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23806 (GCVE-0-2022-23806)

    Vulnerability from cvelistv5 – Published: 2022-02-11 00:00 – Updated: 2024-08-03 03:51
    Summary
    Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              },
              {
                "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-19T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            },
            {
              "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23806",
        "datePublished": "2022-02-11T00:00:00.000Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33195 (GCVE-0-2021-33195)

    Vulnerability from cvelistv5 – Published: 2021-08-02 18:51 – Updated: 2024-08-03 23:42
    Summary
    Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:07:31.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-33195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://groups.google.com/g/golang-announce",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce"
                },
                {
                  "name": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210902-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-33195",
        "datePublished": "2021-08-02T18:51:34.000Z",
        "dateReserved": "2021-05-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:20.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3114 (GCVE-0-2021-3114)

    Vulnerability from cvelistv5 – Published: 2021-01-26 02:23 – Updated: 2024-08-03 16:45
    Summary
    In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:45:51.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
              },
              {
                "name": "FEDORA-2021-e435a8bb88",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
              },
              {
                "name": "DSA-4848",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4848"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:06:51.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
            },
            {
              "name": "FEDORA-2021-e435a8bb88",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
            },
            {
              "name": "DSA-4848",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4848"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3114",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
                  "refsource": "CONFIRM",
                  "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
                },
                {
                  "name": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
                },
                {
                  "name": "FEDORA-2021-e435a8bb88",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
                },
                {
                  "name": "DSA-4848",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4848"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210219-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3114",
        "datePublished": "2021-01-26T02:23:18.000Z",
        "dateReserved": "2021-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:45:51.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3115 (GCVE-0-2021-3115)

    Vulnerability from cvelistv5 – Published: 2021-01-26 02:14 – Updated: 2024-08-03 16:45
    Summary
    Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:45:51.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blog.golang.org/path-security"
              },
              {
                "name": "FEDORA-2021-e435a8bb88",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
              },
              {
                "name": "GLSA-202208-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-04T15:09:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blog.golang.org/path-security"
            },
            {
              "name": "FEDORA-2021-e435a8bb88",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
            },
            {
              "name": "GLSA-202208-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-3115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
                  "refsource": "CONFIRM",
                  "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
                },
                {
                  "name": "https://blog.golang.org/path-security",
                  "refsource": "CONFIRM",
                  "url": "https://blog.golang.org/path-security"
                },
                {
                  "name": "FEDORA-2021-e435a8bb88",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210219-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
                },
                {
                  "name": "GLSA-202208-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202208-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-3115",
        "datePublished": "2021-01-26T02:14:51.000Z",
        "dateReserved": "2021-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:45:51.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28362 (GCVE-0-2020-28362)

    Vulnerability from cvelistv5 – Published: 2020-11-18 16:27 – Updated: 2024-08-04 16:33
    Summary
    Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2020-11-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:59.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
              },
              {
                "name": "FEDORA-2020-864922e78a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
              },
              {
                "name": "FEDORA-2020-e971480183",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-05T09:58:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
            },
            {
              "name": "FEDORA-2020-864922e78a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
            },
            {
              "name": "FEDORA-2020-e971480183",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-28362",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E"
                },
                {
                  "name": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI",
                  "refsource": "CONFIRM",
                  "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
                },
                {
                  "name": "FEDORA-2020-864922e78a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20201202-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
                },
                {
                  "name": "FEDORA-2020-e971480183",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
                },
                {
                  "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62",
                  "refsource": "MISC",
                  "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-28362",
        "datePublished": "2020-11-18T16:27:38.000Z",
        "dateReserved": "2020-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:59.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28366 (GCVE-0-2020-28366)

    Vulnerability from cvelistv5 – Published: 2020-11-18 00:00 – Updated: 2024-08-04 16:33
    Title
    Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
    Summary
    Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go toolchain cmd/go Affected: 0 , < 1.14.12 (semver)
    Affected: 1.15.0-0 , < 1.15.5 (semver)
    Go toolchain cmd/cgo Affected: 0 , < 1.14.12 (semver)
    Affected: 1.15.0-0 , < 1.15.5 (semver)
    Credits
    Chris Brown (Tempus Ex)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:58.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/269658"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/42559"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2022-0475"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "cmd/go",
              "product": "cmd/go",
              "programRoutines": [
                {
                  "name": "Builder.cgo"
                }
              ],
              "vendor": "Go toolchain",
              "versions": [
                {
                  "lessThan": "1.14.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.5",
                  "status": "affected",
                  "version": "1.15.0-0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "cmd/cgo",
              "product": "cmd/cgo",
              "programRoutines": [
                {
                  "name": "dynimport"
                }
              ],
              "vendor": "Go toolchain",
              "versions": [
                {
                  "lessThan": "1.14.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.5",
                  "status": "affected",
                  "version": "1.15.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Brown (Tempus Ex)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:04:21.017Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/269658"
            },
            {
              "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292"
            },
            {
              "url": "https://go.dev/issue/42559"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2022-0475"
            }
          ],
          "title": "Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2020-28366",
        "datePublished": "2020-11-18T00:00:00.000Z",
        "dateReserved": "2020-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:58.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16276 (GCVE-0-2019-16276)

    Vulnerability from cvelistv5 – Published: 2019-09-30 18:40 – Updated: 2024-08-05 01:10
    Summary
    Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-09-25 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:10:41.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/34540"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
              },
              {
                "name": "FEDORA-2019-1b8cbd39ff",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
              },
              {
                "name": "FEDORA-2019-416d20f960",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
              },
              {
                "name": "FEDORA-2019-e99c1603c3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
              },
              {
                "name": "openSUSE-SU-2019:2522",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
              },
              {
                "name": "openSUSE-SU-2019:2521",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
              },
              {
                "name": "RHSA-2020:0101",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0101"
              },
              {
                "name": "RHSA-2020:0329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0329"
              },
              {
                "name": "RHSA-2020:0652",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0652"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-09-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-13T20:06:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/issues/34540"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
            },
            {
              "name": "FEDORA-2019-1b8cbd39ff",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
            },
            {
              "name": "FEDORA-2019-416d20f960",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
            },
            {
              "name": "FEDORA-2019-e99c1603c3",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
            },
            {
              "name": "openSUSE-SU-2019:2522",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2019:2521",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
            },
            {
              "name": "RHSA-2020:0101",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0101"
            },
            {
              "name": "RHSA-2020:0329",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0329"
            },
            {
              "name": "RHSA-2020:0652",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0652"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-16276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/golang/go/issues/34540",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/issues/34540"
                },
                {
                  "name": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ",
                  "refsource": "MISC",
                  "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ"
                },
                {
                  "name": "FEDORA-2019-1b8cbd39ff",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/"
                },
                {
                  "name": "FEDORA-2019-416d20f960",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/"
                },
                {
                  "name": "FEDORA-2019-e99c1603c3",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/"
                },
                {
                  "name": "openSUSE-SU-2019:2522",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html"
                },
                {
                  "name": "openSUSE-SU-2019:2521",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20191122-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20191122-0004/"
                },
                {
                  "name": "RHSA-2020:0101",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0101"
                },
                {
                  "name": "RHSA-2020:0329",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0329"
                },
                {
                  "name": "RHSA-2020:0652",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0652"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-16276",
        "datePublished": "2019-09-30T18:40:12.000Z",
        "dateReserved": "2019-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:10:41.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }