Shodan
Vulnerabilities
Vulnerable Software
Golang:  >> Go  >> 1.16.10  Security Vulnerabilities
CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-08-10
CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-07-15
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-06-23
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-20
CVE-2022-24675
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-04-20
CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-03-05
CVE-2022-23772
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-02-11
CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-02-11
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
CVSS Score
9.1
EPSS Score
0.0
Published
2022-02-11
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-01-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved