All the vulnerabilites related to netapp - cloud_insights_telegraf_agent
cve-2019-16276
Vulnerability from cvelistv5
Published
2019-09-30 18:40
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:10:41.714Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/golang/go/issues/34540" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ" }, { "name": "FEDORA-2019-1b8cbd39ff", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/" }, { "name": "FEDORA-2019-416d20f960", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/" }, { "name": "FEDORA-2019-e99c1603c3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/" }, { "name": "openSUSE-SU-2019:2522", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html" }, { "name": "openSUSE-SU-2019:2521", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" }, { "name": "RHSA-2020:0101", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0101" }, { "name": "RHSA-2020:0329", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0329" }, { "name": "RHSA-2020:0652", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0652" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-13T20:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/golang/go/issues/34540" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ" }, { "name": "FEDORA-2019-1b8cbd39ff", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/" }, { "name": "FEDORA-2019-416d20f960", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/" }, { "name": "FEDORA-2019-e99c1603c3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/" }, { "name": "openSUSE-SU-2019:2522", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html" }, { "name": "openSUSE-SU-2019:2521", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" }, { "name": "RHSA-2020:0101", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0101" }, { "name": "RHSA-2020:0329", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0329" }, { "name": "RHSA-2020:0652", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0652" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/golang/go/issues/34540", "refsource": "CONFIRM", "url": "https://github.com/golang/go/issues/34540" }, { "name": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ", "refsource": "MISC", "url": "https://groups.google.com/forum/#!msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ" }, { "name": "FEDORA-2019-1b8cbd39ff", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/" }, { "name": "FEDORA-2019-416d20f960", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/" }, { "name": "FEDORA-2019-e99c1603c3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/" }, { "name": "openSUSE-SU-2019:2522", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html" }, { "name": "openSUSE-SU-2019:2521", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191122-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" }, { "name": "RHSA-2020:0101", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0101" }, { "name": "RHSA-2020:0329", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0329" }, { "name": "RHSA-2020:0652", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0652" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16276", "datePublished": "2019-09-30T18:40:12", "dateReserved": "2019-09-12T00:00:00", "dateUpdated": "2024-08-05T01:10:41.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23806
Vulnerability from cvelistv5
Published
2022-02-11 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-19T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23806", "datePublished": "2022-02-11T00:00:00", "dateReserved": "2022-01-21T00:00:00", "dateUpdated": "2024-08-03T03:51:45.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33195
Vulnerability from cvelistv5
Published
2021-08-02 18:51
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/golang-announce | x_refsource_MISC | |
https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210902-0005/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:20.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0005/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T15:07:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0005/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce" }, { "name": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "name": "https://security.netapp.com/advisory/ntap-20210902-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210902-0005/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33195", "datePublished": "2021-08-02T18:51:34", "dateReserved": "2021-05-19T00:00:00", "dateUpdated": "2024-08-03T23:42:20.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3114
Vulnerability from cvelistv5
Published
2021-01-26 02:23
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/golang-announce/c/mperVMGa98w | x_refsource_CONFIRM | |
https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871 | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-4848 | vendor-advisory, x_refsource_DEBIAN | |
https://security.netapp.com/advisory/ntap-20210219-0001/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:51.301Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871" }, { "name": "FEDORA-2021-e435a8bb88", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "name": "DSA-4848", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T15:06:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871" }, { "name": "FEDORA-2021-e435a8bb88", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "name": "DSA-4848", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "refsource": "CONFIRM", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "name": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871", "refsource": "CONFIRM", "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871" }, { "name": "FEDORA-2021-e435a8bb88", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "name": "DSA-4848", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4848" }, { "name": "https://security.netapp.com/advisory/ntap-20210219-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3114", "datePublished": "2021-01-26T02:23:18", "dateReserved": "2021-01-11T00:00:00", "dateUpdated": "2024-08-03T16:45:51.301Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23772
Vulnerability from cvelistv5
Published
2022-02-11 00:11
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
References
▼ | URL | Tags |
---|---|---|
https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html | mailing-list, x_refsource_MLIST | |
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220225-0006/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T15:08:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-23772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "name": "https://security.netapp.com/advisory/ntap-20220225-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23772", "datePublished": "2022-02-11T00:11:15", "dateReserved": "2022-01-20T00:00:00", "dateUpdated": "2024-08-03T03:51:46.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23773
Vulnerability from cvelistv5
Published
2022-02-11 00:16
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220225-0006/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T15:12:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-23773", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "name": "https://security.netapp.com/advisory/ntap-20220225-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23773", "datePublished": "2022-02-11T00:16:08", "dateReserved": "2022-01-20T00:00:00", "dateUpdated": "2024-08-03T03:51:45.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28362
Vulnerability from cvelistv5
Published
2020-11-18 16:27
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20201202-0004/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/ | vendor-advisory, x_refsource_FEDORA | |
https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:59.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI" }, { "name": "FEDORA-2020-864922e78a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20201202-0004/" }, { "name": "FEDORA-2020-e971480183", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-05T09:58:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI" }, { "name": "FEDORA-2020-864922e78a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20201202-0004/" }, { "name": "FEDORA-2020-e971480183", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E" }, { "name": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI", "refsource": "CONFIRM", "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI" }, { "name": "FEDORA-2020-864922e78a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/" }, { "name": "https://security.netapp.com/advisory/ntap-20201202-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201202-0004/" }, { "name": "FEDORA-2020-e971480183", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" }, { "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28362", "datePublished": "2020-11-18T16:27:38", "dateReserved": "2020-11-09T00:00:00", "dateUpdated": "2024-08-04T16:33:59.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30634
Vulnerability from cvelistv5
Published
2022-07-15 19:36
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | crypto/rand |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/402257" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/52561" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0477" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "crypto/rand", "platforms": [ "windows" ], "product": "crypto/rand", "programRoutines": [ { "name": "Read" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.11", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.3", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Davis Goodin" }, { "lang": "en", "value": "Quim Muntal of Microsoft" } ], "descriptions": [ { "lang": "en", "value": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:27.361Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/402257" }, { "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863" }, { "url": "https://go.dev/issue/52561" }, { "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0477" } ], "title": "Indefinite hang with large buffers on Windows in crypto/rand" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30634", "datePublished": "2022-07-15T19:36:19", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28366
Vulnerability from cvelistv5
Published
2020-11-18 00:00
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Go toolchain | cmd/go |
Version: 0 ≤ Version: 1.15.0-0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:33:58.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/269658" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/42559" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0475" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "cmd/go", "product": "cmd/go", "programRoutines": [ { "name": "Builder.cgo" } ], "vendor": "Go toolchain", "versions": [ { "lessThan": "1.14.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.15.5", "status": "affected", "version": "1.15.0-0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "cmd/cgo", "product": "cmd/cgo", "programRoutines": [ { "name": "dynimport" } ], "vendor": "Go toolchain", "versions": [ { "lessThan": "1.14.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.15.5", "status": "affected", "version": "1.15.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Chris Brown (Tempus Ex)" } ], "descriptions": [ { "lang": "en", "value": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:21.017Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/269658" }, { "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292" }, { "url": "https://go.dev/issue/42559" }, { "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0475" } ], "title": "Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2020-28366", "datePublished": "2020-11-18T00:00:00", "dateReserved": "2020-11-09T00:00:00", "dateUpdated": "2024-08-04T16:33:58.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3115
Vulnerability from cvelistv5
Published
2021-01-26 02:14
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/golang-announce/c/mperVMGa98w | x_refsource_CONFIRM | |
https://blog.golang.org/path-security | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20210219-0001/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:51.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.golang.org/path-security" }, { "name": "FEDORA-2021-e435a8bb88", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T15:09:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.golang.org/path-security" }, { "name": "FEDORA-2021-e435a8bb88", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "refsource": "CONFIRM", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "name": "https://blog.golang.org/path-security", "refsource": "CONFIRM", "url": "https://blog.golang.org/path-security" }, { "name": "FEDORA-2021-e435a8bb88", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "name": "https://security.netapp.com/advisory/ntap-20210219-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3115", "datePublished": "2021-01-26T02:14:51", "dateReserved": "2021-01-11T00:00:00", "dateUpdated": "2024-08-03T16:45:51.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2022-02-11 01:15
Modified
2024-11-21 06:49
Severity ?
Summary
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
netapp | beegfs_csi_driver | - | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | kubernetes_monitoring_operator | - | |
netapp | storagegrid | - | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC42B47-ED6E-4F64-BAFA-770B8834BB25", "versionEndExcluding": "1.16.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "39A5AFCD-0F53-440D-B617-BB1C92B67028", "versionEndExcluding": "1.17.7", "versionStartIncluding": "1.17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "B60CE797-9177-4705-B02D-83F5A48C5F6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F8E1764-2021-41E7-9CBE-6864313A74E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element." }, { "lang": "es", "value": "Curve.IsOnCurve en crypto/elliptic en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede devolver incorrectamente true en situaciones con un valor big.Int que no es un elemento de campo v\u00e1lido" } ], "id": "CVE-2022-23806", "lastModified": "2024-11-21T06:49:17.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-11T01:15:07.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-252" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-11 01:15
Modified
2024-11-21 06:49
Severity ?
Summary
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes, Vendor Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
netapp | beegfs_csi_driver | - | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | kubernetes_monitoring_operator | - | |
netapp | storagegrid | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC42B47-ED6E-4F64-BAFA-770B8834BB25", "versionEndExcluding": "1.16.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "39A5AFCD-0F53-440D-B617-BB1C92B67028", "versionEndExcluding": "1.17.7", "versionStartIncluding": "1.17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "B60CE797-9177-4705-B02D-83F5A48C5F6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F8E1764-2021-41E7-9CBE-6864313A74E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags." }, { "lang": "es", "value": "cmd/go en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede malinterpretar nombres de rama que falsamente parecen ser etiquetas de versi\u00f3n. Esto puede conllevar a un control de acceso incorrecto si supone que un actor puede crear ramas pero no etiquetas" } ], "id": "CVE-2022-23773", "lastModified": "2024-11-21T06:49:15.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-11T01:15:07.707", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-436" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-02 19:15
Modified
2024-11-21 06:08
Severity ?
Summary
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://groups.google.com/g/golang-announce | Third Party Advisory | |
cve@mitre.org | https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0005/ | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "83DF0007-D86B-419A-8722-A8C8C3313684", "versionEndExcluding": "1.15.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBF475E5-A5BF-49FF-89A3-F7C7E0051E8F", "versionEndExcluding": "1.16.5", "versionStartIncluding": "1.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format." }, { "lang": "es", "value": "Go versiones anteriores a 1.15.13 y versiones 1.16.x anteriores a 1.16.5 tiene funciones para las b\u00fasquedas de DNS que no validan las respuestas de los servidores DNS, y por lo tanto un valor de retorno puede contener una inyecci\u00f3n insegura (por ejemplo, XSS) que no se ajusta al formato RFC1035" } ], "id": "CVE-2021-33195", "lastModified": "2024-11-21T06:08:29.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-02T19:15:08.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0005/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-15 20:15
Modified
2024-11-21 07:03
Severity ?
Summary
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
References
▼ | URL | Tags | |
---|---|---|---|
security@golang.org | https://go.dev/cl/402257 | Patch | |
security@golang.org | https://go.dev/issue/52561 | Exploit, Issue Tracking | |
security@golang.org | https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 | Mailing List, Patch | |
security@golang.org | https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ | Mailing List, Third Party Advisory | |
security@golang.org | https://pkg.go.dev/vuln/GO-2022-0477 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://go.dev/cl/402257 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://go.dev/issue/52561 | Exploit, Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://pkg.go.dev/vuln/GO-2022-0477 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "338E9C2D-AE40-4FA3-9A44-08C9B508B756", "versionEndExcluding": "1.17.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "6782EAAE-0437-495C-A6B4-1CFB39DAAFA6", "versionEndExcluding": "1.18.3", "versionStartIncluding": "1.18.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes." }, { "lang": "es", "value": "Un bucle infinito en Read en crypto/rand versiones anteriores a Go 1.17.11 y Go 1.18.3 en Windows, permite a un atacante causar un cuelgue no definido pasando un buffer mayor de 1 \u0026lt;\u0026lt; 32 - 1 bytes" } ], "id": "CVE-2022-30634", "lastModified": "2024-11-21T07:03:04.353", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-15T20:15:08.597", "references": [ { "source": "security@golang.org", "tags": [ "Patch" ], "url": "https://go.dev/cl/402257" }, { "source": "security@golang.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://go.dev/issue/52561" }, { "source": "security@golang.org", "tags": [ "Mailing List", "Patch" ], "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863" }, { "source": "security@golang.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "source": "security@golang.org", "tags": [ "Third Party Advisory" ], "url": "https://pkg.go.dev/vuln/GO-2022-0477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://go.dev/cl/402257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://go.dev/issue/52561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://pkg.go.dev/vuln/GO-2022-0477" } ], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 06:20
Severity ?
Summary
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
microsoft | windows | - | |
fedoraproject | fedora | 33 | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | storagegrid | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "70690A8F-9E7C-4208-9550-254B1000BF93", "versionEndExcluding": "1.14.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C90339E-4E95-4FCE-BCFE-6DD9FB4F9255", "versionEndExcluding": "1.15.7", "versionStartIncluding": "1.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download)." }, { "lang": "es", "value": "Go versiones anteriores a 1.14.14 y versiones 1.15. x anteriores a 1.15.7 en Windows, es vulnerable a una inyecci\u00f3n de comandos y una ejecuci\u00f3n de c\u00f3digo remota cuando es usado el comando \"go get\" para buscar m\u00f3dulos que hacen uso de cgo (por ejemplo, cgo puede ejecutar un programa gcc desde una descarga que no es confiable)" } ], "id": "CVE-2021-3115", "lastModified": "2024-11-21T06:20:54.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-26T18:16:27.630", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://blog.golang.org/path-security" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://blog.golang.org/path-security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 06:20
Severity ?
Summary
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
fedoraproject | fedora | 33 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | storagegrid | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "70690A8F-9E7C-4208-9550-254B1000BF93", "versionEndExcluding": "1.14.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C90339E-4E95-4FCE-BCFE-6DD9FB4F9255", "versionEndExcluding": "1.15.7", "versionStartIncluding": "1.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field." }, { "lang": "es", "value": "En Go versiones anteriores a 1.14.14 y versiones 1.15.x anteriores a 1.15.7, en el archivo crypto/elliptic/p224.go puede generar salidas incorrectas, relacionadas con un subdesbordamiento de la extremidad m\u00e1s baja durante la reducci\u00f3n completa final en el campo P-224" } ], "id": "CVE-2021-3114", "lastModified": "2024-11-21T06:20:54.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-26T18:16:27.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210219-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4848" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-682" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-11 01:15
Modified
2024-11-21 06:49
Severity ?
Summary
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
netapp | beegfs_csi_driver | - | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | kubernetes_monitoring_operator | - | |
netapp | storagegrid | - | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC42B47-ED6E-4F64-BAFA-770B8834BB25", "versionEndExcluding": "1.16.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "39A5AFCD-0F53-440D-B617-BB1C92B67028", "versionEndExcluding": "1.17.7", "versionStartIncluding": "1.17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "B60CE797-9177-4705-B02D-83F5A48C5F6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F8E1764-2021-41E7-9CBE-6864313A74E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption." }, { "lang": "es", "value": "Rat.SetString en el archivo math/big en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, presenta un desbordamiento que puede conllevar a un Consumo de Memoria no Controlado" } ], "id": "CVE-2022-23772", "lastModified": "2024-11-21T06:49:15.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-11T01:15:07.657", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220225-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-18 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | trident | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2175A10-2BF6-430A-A90E-C3957B4FF493", "versionEndExcluding": "1.14.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D85EBF5-35FF-4F02-87AB-16FF644D11F3", "versionEndExcluding": "1.15.5", "versionStartIncluding": "1.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service." }, { "lang": "es", "value": "Go versiones anteriores a 1.14.12 y versiones 1.15.x anteriores a 1.15.4, permite una Denegaci\u00f3n de Servicio" } ], "id": "CVE-2020-28362", "lastModified": "2024-11-21T05:22:39.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-18T17:15:11.930", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20201202-0004/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20201202-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-30 19:15
Modified
2024-11-21 04:30
Severity ?
Summary
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
debian | debian_linux | 9.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
redhat | openshift_container_platform | 4.2 | |
redhat | enterprise_linux | 7.0 | |
redhat | developer_tools | 1.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux_eus | 8.1 | |
netapp | cloud_insights_telegraf_agent | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "780FC85E-2CAD-4605-8DA2-CE16EB2034A5", "versionEndExcluding": "1.12.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FDA5CF5-27C2-4DA5-852D-1A69271DB7EE", "versionEndExcluding": "1.13.1", "versionStartIncluding": "1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C85A84D-A70F-4B02-9E5D-CD9660ABF048", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling." }, { "lang": "es", "value": "Go versiones anteriores a 1.12.10 y versiones 1.13.x anteriores a 1.13.1, permitir el Trafico No Autorizado de Peticiones HTTP." } ], "id": "CVE-2019-16276", "lastModified": "2024-11-21T04:30:26.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-30T19:15:08.790", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0101" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0329" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0652" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/golang/go/issues/34540" }, { "source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/golang/go/issues/34540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21msg/golang-announce/cszieYyuL9Q/g4Z7pKaqAgAJ" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LULL72EUUKIY4NWDZVJVN2LIB4MXHS5P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7GMJ3VXF5RXK2C7CL66KJ6XOOTOL5BJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q5MD2F7ATWSTB45ZJIPJHBAAHVRGRAKG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-444" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-18 17:15
Modified
2024-11-21 05:22
Severity ?
Summary
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
golang | go | * | |
golang | go | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
netapp | cloud_insights_telegraf_agent | - | |
netapp | trident | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2175A10-2BF6-430A-A90E-C3957B4FF493", "versionEndExcluding": "1.14.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D85EBF5-35FF-4F02-87AB-16FF644D11F3", "versionEndExcluding": "1.15.5", "versionStartIncluding": "1.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file." }, { "lang": "es", "value": "Go versiones anteriores a 1.14.12 y versiones 1.15.x anteriores a 1.15.5, permite una Inyecci\u00f3n de C\u00f3digo" } ], "id": "CVE-2020-28366", "lastModified": "2024-11-21T05:22:40.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-18T17:15:11.993", "references": [ { "source": "security@golang.org", "url": "https://go.dev/cl/269658" }, { "source": "security@golang.org", "url": "https://go.dev/issue/42559" }, { "source": "security@golang.org", "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292" }, { "source": "security@golang.org", "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" }, { "source": "security@golang.org", "url": "https://pkg.go.dev/vuln/GO-2022-0475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://go.dev/cl/269658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://go.dev/issue/42559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://pkg.go.dev/vuln/GO-2022-0475" } ], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }