Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-7111-1
Vulnerability from osv_ubuntu
Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-41723)
Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2022-41724)
Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2022-41725)
Jakob Ackermann discovered that Go incorrectly handled multipart forms. An attacker could possibly use this issue to consume an excessive amount of resources, resulting in a denial of service. (CVE-2023-24536)
It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time. (CVE-2023-39323)
Bartek Nowotarski was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2023-45288)
Bartek Nowotarski discovered that the Go net/http module did not properly validate the total size of the parsed form when parsing a multipart form. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2023-45290)
John Howard discovered that the Go crypto/x509 module did not properly handle a certificate chain which contains a certificate with an unknown public key algorithm. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2024-24783)
Juho Nurminen discovered that the Go net/mail module did not properly handle comments within display names in the ParseAddressList function. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2024-24784)
Yufan You discovered that the Go archive/zip module did not properly handle certain types of invalid zip files differs from the behavior of most zip implementations. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2024-24789)
Geoff Franks discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-24791)
It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34155)
Md Sakib Anwar discovered that the Go encoding/gob module did not properly handle message decoding under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34156)
It was discovered that the Go build module did not properly handle certain build tag lines with deeply nested expressions. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34158)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-41723",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-41724",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-41725",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-24536",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39323",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45288",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45290",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-24783",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-24784",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-24789",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-24791",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-34155",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-34156",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-34158",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
}
],
"aliases": [],
"details": "Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2\nstreams. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-41723)\n\nMarten Seemann discovered that Go did not properly manage memory under\ncertain circumstances. An attacker could possibly use this issue to cause\na panic resulting in a denial of service. (CVE-2022-41724)\n\nAmeya Darshan and Jakob Ackermann discovered that Go did not properly\nvalidate the amount of memory and disk files ReadForm can consume. An\nattacker could possibly use this issue to cause a panic resulting in a\ndenial of service. (CVE-2022-41725)\n\nJakob Ackermann discovered that Go incorrectly handled multipart\nforms. An attacker could possibly use this issue to consume an excessive\namount of resources, resulting in a denial of service. (CVE-2023-24536)\n\nIt was discovered that Go did not properly validate the \"//go:cgo_\"\ndirectives during compilation. An attacker could possibly use this issue\nto inject arbitrary code during compile time. (CVE-2023-39323)\n\nBartek Nowotarski was discovered that the Go net/http module did not\nproperly handle the requests when request\u0027s headers exceed MaxHeaderBytes.\nAn attacker could possibly use this issue to cause a panic resulting into\na denial of service. (CVE-2023-45288)\n\nBartek Nowotarski discovered that the Go net/http module did not properly\nvalidate the total size of the parsed form when parsing a multipart form.\nAn attacker could possibly use this issue to cause a panic resulting into a\ndenial of service. (CVE-2023-45290)\n\nJohn Howard discovered that the Go crypto/x509 module did not properly\nhandle a certificate chain which contains a certificate with an unknown\npublic key algorithm. An attacker could possibly use this issue to cause\na panic resulting into a denial of service. (CVE-2024-24783)\n\nJuho Nurminen discovered that the Go net/mail module did not properly\nhandle comments within display names in the ParseAddressList function.\nAn attacker could possibly use this issue to cause a panic resulting into\na denial of service. (CVE-2024-24784)\n\nYufan You discovered that the Go archive/zip module did not properly\nhandle certain types of invalid zip files differs from the behavior of\nmost zip implementations. An attacker could possibly use this issue to\ncause a panic resulting into a denial of service. (CVE-2024-24789)\n\nGeoff Franks discovered that the Go net/http module did not properly\nhandle responses to requests with an \"Expect: 100-continue\" header under\ncertain circumstances. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2024-24791)\n\nIt was discovered that the Go parser module did not properly handle deeply\nnested literal values. An attacker could possibly use this issue to cause\na panic resulting in a denial of service. (CVE-2024-34155)\n\nMd Sakib Anwar discovered that the Go encoding/gob module did not properly\nhandle message decoding under certain circumstances. An attacker could\npossibly use this issue to cause a panic resulting in a denial of service.\n(CVE-2024-34156)\n\nIt was discovered that the Go build module did not properly handle certain\nbuild tag lines with deeply nested expressions. An attacker could possibly\nuse this issue to cause a panic resulting in a denial of service.\n(CVE-2024-34158)\n",
"id": "USN-7111-1",
"modified": "2026-04-27T14:11:38Z",
"published": "2024-11-14T17:26:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41723"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41724"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41725"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-24536"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-39323"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-45288"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-45290"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24783"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24784"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24789"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24791"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-34155"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-34156"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-34158"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "golang-1.17 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2022-41723",
"UBUNTU-CVE-2022-41724",
"UBUNTU-CVE-2022-41725",
"UBUNTU-CVE-2023-24536",
"UBUNTU-CVE-2023-39323",
"UBUNTU-CVE-2023-45288",
"UBUNTU-CVE-2023-45290",
"UBUNTU-CVE-2024-24783",
"UBUNTU-CVE-2024-24784",
"UBUNTU-CVE-2024-24789",
"UBUNTU-CVE-2024-24791",
"UBUNTU-CVE-2024-34155",
"UBUNTU-CVE-2024-34156",
"UBUNTU-CVE-2024-34158"
]
}
ubuntu-cve-2022-41723
Vulnerability from osv_ubuntu
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-0ubuntu0.16.04.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.11-0ubuntu1~16.04.4+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3-0ubuntu1~18.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20231004.02-0ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20231004.02-0ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231004.02-0ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~20.04.0",
"20210414.00-0ubuntu1~20.04.0",
"20210629.00-0ubuntu1~20.04.0",
"20220622.00-0ubuntu2~20.04.0",
"20220622.00-0ubuntu2~20.04.2",
"20230426.00-0ubuntu2~20.04.0",
"20231004.02-0ubuntu1~20.04.1",
"20231004.02-0ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.9.2~20.04.2ubuntu0.1+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2~20.04.2ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8~22.04",
"0.9.2~20.04",
"0.9.2~20.04.1",
"0.9.2~20.04.2",
"0.9.2~20.04.2ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20231004.02-0ubuntu1~22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20231004.02-0ubuntu1~22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231004.02-0ubuntu1~22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20210629.00-0ubuntu1",
"20210629.00-0ubuntu2",
"20220104.00-0ubuntu1",
"20220104.00-0ubuntu2",
"20220622.00-0ubuntu2~22.04.0",
"20220622.00-0ubuntu2~22.04.1",
"20230426.00-0ubuntu2~22.04.0",
"20231004.02-0ubuntu1~22.04.1",
"20231004.02-0ubuntu1~22.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
"id": "UBUNTU-CVE-2022-41723",
"modified": "2026-05-20T14:56:11Z",
"published": "2023-02-28T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41723"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8089-3"
}
],
"related": [
"USN-7109-1",
"USN-7111-1",
"USN-8089-1",
"USN-8089-2",
"USN-8089-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-41723"
]
}
ubuntu-cve-2022-41724
Vulnerability from osv_ubuntu
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).",
"id": "UBUNTU-CVE-2022-41724",
"modified": "2026-05-20T14:56:11Z",
"published": "2023-02-28T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41724"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/58001"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6140-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6140-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-41724"
]
}
ubuntu-cve-2022-41725
Vulnerability from osv_ubuntu
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type\u0027s documentation states, \"If stored on disk, the File\u0027s underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.",
"id": "UBUNTU-CVE-2022-41725",
"modified": "2026-05-20T14:56:11Z",
"published": "2023-02-28T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-41725"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6140-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6140-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-41725"
]
}
ubuntu-cve-2023-24536
Vulnerability from osv_ubuntu
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.",
"id": "UBUNTU-CVE-2023-24536",
"modified": "2026-05-20T15:02:29Z",
"published": "2023-04-06T16:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-24536"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/59153"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-24536"
]
}
ubuntu-cve-2023-39323
Vulnerability from osv_ubuntu
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.3-1ubuntu0.1~20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~20.04"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu20.04.2"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu20.04.2"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.3-1ubuntu0.1~22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~22.04"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu22.04.2"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu22.04.2"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu22.04.1"
]
}
],
"aliases": [],
"details": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.",
"id": "UBUNTU-CVE-2023-39323",
"modified": "2025-09-08T16:56:28Z",
"published": "2023-10-05T21:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-39323"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/63211"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/533215"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2023-2095"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/2ddfc04d12da7028334ab4f8effbc3a78b92d9d2"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/31d5b604ac0adb58aec4870ac1b974c08312fd49"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6574-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6574-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-39323"
]
}
ubuntu-cve-2023-45288
Vulnerability from osv_ubuntu
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu20.04.1",
"1.21.1-1~ubuntu20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~20.04",
"1.20.3-1ubuntu0.1~20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~22.04",
"1.20.3-1ubuntu0.1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu22.04.1",
"1.21.1-1~ubuntu22.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"id": "UBUNTU-CVE-2023-45288",
"modified": "2026-05-20T15:02:53Z",
"published": "2024-03-27T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-45288"
},
{
"type": "REPORT",
"url": "https://kb.cert.org/vuls/id/421644"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/576155"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6886-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6886-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-45288"
]
}
ubuntu-cve-2023-45290
Vulnerability from osv_ubuntu
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu20.04.1",
"1.21.1-1~ubuntu20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~20.04",
"1.20.3-1ubuntu0.1~20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~22.04",
"1.20.3-1ubuntu0.1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu22.04.1",
"1.21.1-1~ubuntu22.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"id": "UBUNTU-CVE-2023-45290",
"modified": "2026-05-20T15:02:53Z",
"published": "2024-03-05T23:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-45290"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/65383"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/65383"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/569341"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6886-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6886-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-45290"
]
}
ubuntu-cve-2024-24783
Vulnerability from osv_ubuntu
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu20.04.1",
"1.21.1-1~ubuntu20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~20.04",
"1.20.3-1ubuntu0.1~20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~22.04",
"1.20.3-1ubuntu0.1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu22.04.1",
"1.21.1-1~ubuntu22.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.",
"id": "UBUNTU-CVE-2024-24783",
"modified": "2026-05-20T15:07:37Z",
"published": "2024-03-05T23:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24783"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/65390"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/65390"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/569339"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6886-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6886-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-24783"
]
}
ubuntu-cve-2024-24784
Vulnerability from osv_ubuntu
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.6",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-go",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
},
{
"binary_name": "golang-1.6-src",
"binary_version": "1.6.2-0ubuntu5~16.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.6",
"purl": "pkg:deb/ubuntu/golang-1.6@1.6.2-0ubuntu5~16.04.4?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6-0ubuntu1",
"1.6-0ubuntu2",
"1.6-0ubuntu3",
"1.6-0ubuntu4",
"1.6-0ubuntu5",
"1.6.1-0ubuntu1",
"1.6.2-0ubuntu5~16.04",
"1.6.2-0ubuntu5~16.04.2",
"1.6.2-0ubuntu5~16.04.3",
"1.6.2-0ubuntu5~16.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-src",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "libgolang-1.8-std1",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.8",
"purl": "pkg:deb/ubuntu/golang-1.8@1.8.3-2ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.8.3-2ubuntu1",
"1.8.3-2ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.9",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-go",
"binary_version": "1.9.4-1ubuntu1"
},
{
"binary_name": "golang-1.9-src",
"binary_version": "1.9.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.9",
"purl": "pkg:deb/ubuntu/golang-1.9@1.9.4-1ubuntu1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9.1-2ubuntu1",
"1.9.2-1ubuntu1",
"1.9.2-3ubuntu1",
"1.9.3-1ubuntu1",
"1.9.4-1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu20.04.1",
"1.21.1-1~ubuntu20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~20.04",
"1.20.3-1ubuntu0.1~20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~22.04",
"1.20.3-1ubuntu0.1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu22.04.1",
"1.21.1-1~ubuntu22.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
}
],
"aliases": [],
"details": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.",
"id": "UBUNTU-CVE-2024-24784",
"modified": "2026-05-20T15:07:37Z",
"published": "2024-03-05T23:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24784"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/65083"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/65083"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/555596"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2024-2609"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6886-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6886-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-24784"
]
}
ubuntu-cve-2024-24789
Vulnerability from osv_ubuntu
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~16.04.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~16.04.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~16.04.6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.4-2ubuntu1~16.04.1",
"1.10.4-2ubuntu1~16.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~16.04.3+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~16.04.2",
"1.13.8-1ubuntu1~16.04.3",
"1.13.8-1ubuntu1~16.04.3+esm2",
"1.13.8-1ubuntu1~16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.10",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-go",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
},
{
"binary_name": "golang-1.10-src",
"binary_version": "1.10.4-2ubuntu1~18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-1.10",
"purl": "pkg:deb/ubuntu/golang-1.10@1.10.4-2ubuntu1~18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10~rc1-1",
"1.10~rc1-1ubuntu1",
"1.10~rc1-2ubuntu1",
"1.10~rc2-1ubuntu1",
"1.10-1ubuntu1",
"1.10.1-1ubuntu2",
"1.10.4-2ubuntu1~18.04.1",
"1.10.4-2ubuntu1~18.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu1~18.04.2",
"1.13.8-1ubuntu1~18.04.3",
"1.13.8-1ubuntu1~18.04.4",
"1.13.8-1ubuntu1~18.04.4+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~18.04.2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~18.04.2",
"1.16.2-0ubuntu1~18.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~18.04.4+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~18.04.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~18.04.3",
"1.18.1-1ubuntu1~18.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1~20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1~20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1~20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18.1-1ubuntu1~20.04.1",
"1.18.1-1ubuntu1~20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu20.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu20.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu20.04.3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu20.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu20.04.1",
"1.21.1-1~ubuntu20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.22",
"binary_version": "1.22.2-2~20.04.1"
},
{
"binary_name": "golang-1.22-go",
"binary_version": "1.22.2-2~20.04.1"
},
{
"binary_name": "golang-1.22-src",
"binary_version": "1.22.2-2~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.22",
"purl": "pkg:deb/ubuntu/golang-1.22@1.22.2-2~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.2-2~20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu1.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu1.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.1-1ubuntu1",
"1.13.3-1ubuntu1",
"1.13.4-1ubuntu1",
"1.13.5-1ubuntu1",
"1.13.6-1ubuntu1",
"1.13.6-2ubuntu1",
"1.13.7-1ubuntu1",
"1.13.8-1ubuntu1",
"1.13.8-1ubuntu1.1",
"1.13.8-1ubuntu1.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.14",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-go",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
},
{
"binary_name": "golang-1.14-src",
"binary_version": "1.14.3-2ubuntu2~20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.14",
"purl": "pkg:deb/ubuntu/golang-1.14@1.14.3-2ubuntu2~20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14~beta1-1",
"1.14~beta1-2",
"1.14~rc1-1",
"1.14-1",
"1.14.1-1",
"1.14.2-1",
"1.14.2-1ubuntu1",
"1.14.3-2ubuntu2~20.04.1",
"1.14.3-2ubuntu2~20.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.16",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-go",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
},
{
"binary_name": "golang-1.16-src",
"binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-1.16",
"purl": "pkg:deb/ubuntu/golang-1.16@1.16.2-0ubuntu1~20.04.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.2-0ubuntu1~20.04",
"1.16.2-0ubuntu1~20.04.1",
"1.16.2-0ubuntu1~20.04.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~20.04",
"1.20.3-1ubuntu0.1~20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.17",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-go",
"binary_version": "1.17.13-3ubuntu1.3"
},
{
"binary_name": "golang-1.17-src",
"binary_version": "1.17.13-3ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.17",
"purl": "pkg:deb/ubuntu/golang-1.17@1.17.13-3ubuntu1.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.13-3ubuntu1.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.17-1ubuntu2",
"1.17.3-1ubuntu1",
"1.17.3-1ubuntu2",
"1.17.13-3ubuntu1",
"1.17.13-3ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.18",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-go",
"binary_version": "1.18.1-1ubuntu1.2"
},
{
"binary_name": "golang-1.18-src",
"binary_version": "1.18.1-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.18",
"purl": "pkg:deb/ubuntu/golang-1.18@1.18.1-1ubuntu1.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.1-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.18~beta1-0ubuntu1",
"1.18~beta2-1ubuntu1",
"1.18~beta2-1ubuntu2",
"1.18~rc1-1ubuntu1",
"1.18-1ubuntu1",
"1.18.1-1ubuntu1",
"1.18.1-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.20",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-go",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
},
{
"binary_name": "golang-1.20-src",
"binary_version": "1.20.3-1ubuntu0.1~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.20",
"purl": "pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.20.3-1ubuntu0.1~22.04",
"1.20.3-1ubuntu0.1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.1-1~ubuntu22.04.3"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.1-1~ubuntu22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.1-1~ubuntu22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.1-1~ubuntu22.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1~ubuntu22.04.1",
"1.21.1-1~ubuntu22.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.22",
"binary_version": "1.22.2-2~22.04.1"
},
{
"binary_name": "golang-1.22-go",
"binary_version": "1.22.2-2~22.04.1"
},
{
"binary_name": "golang-1.22-src",
"binary_version": "1.22.2-2~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-1.22",
"purl": "pkg:deb/ubuntu/golang-1.22@1.22.2-2~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.2-2~22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.2-2~22.04"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-1.13",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-go",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
},
{
"binary_name": "golang-1.13-src",
"binary_version": "1.13.8-1ubuntu2.22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-1.13",
"purl": "pkg:deb/ubuntu/golang-1.13@1.13.8-1ubuntu2.22.04.2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.13.8-1ubuntu2",
"1.13.8-1ubuntu2.22.04.1",
"1.13.8-1ubuntu2.22.04.1+esm1",
"1.13.8-1ubuntu2.22.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.21",
"binary_version": "1.21.9-1ubuntu0.1"
},
{
"binary_name": "golang-1.21-go",
"binary_version": "1.21.9-1ubuntu0.1"
},
{
"binary_name": "golang-1.21-src",
"binary_version": "1.21.9-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "golang-1.21",
"purl": "pkg:deb/ubuntu/golang-1.21@1.21.9-1ubuntu0.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.9-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.21.1-1",
"1.21.3-1",
"1.21.4-1",
"1.21.5-1",
"1.21.6-1",
"1.21.7-1",
"1.21.7-2",
"1.21.8-1",
"1.21.8-1build1",
"1.21.9-1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-1.22",
"binary_version": "1.22.2-2ubuntu0.1"
},
{
"binary_name": "golang-1.22-go",
"binary_version": "1.22.2-2ubuntu0.1"
},
{
"binary_name": "golang-1.22-src",
"binary_version": "1.22.2-2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "golang-1.22",
"purl": "pkg:deb/ubuntu/golang-1.22@1.22.2-2ubuntu0.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.22.2-2ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22~rc1-2",
"1.22.0-1",
"1.22.0-2",
"1.22.1-1",
"1.22.1-1build1",
"1.22.2-2"
]
}
],
"aliases": [],
"details": "The archive/zip package\u0027s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.",
"id": "UBUNTU-CVE-2024-24789",
"modified": "2026-05-20T15:07:37Z",
"published": "2024-06-05T16:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-24789"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/66869"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/585397"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/66869"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2024-2888"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6886-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
}
],
"related": [
"USN-6886-1",
"USN-7109-1",
"USN-7111-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-24789"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.