Search CVE reports
131 – 133 of 133 results
Some fixes available 3 of 11
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
9 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Not in release | Not affected | Not affected | Vulnerable |
| golang-1.14 | Not in release | Not in release | Not in release | Fixed | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 1 of 12
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies...
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Not in release | Not affected | Fixed | Not affected |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
9 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Not in release | Not affected | Not affected | Not affected |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |