Shodan
Vulnerabilities
Vulnerable Software
Golang:  >> Go  >> 1.14.14  Security Vulnerabilities
CVE-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-08-02
CVE-2021-34558
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVSS Score
6.5
EPSS Score
0.008
Published
2021-07-15
CVE-2021-31525
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
CVSS Score
5.9
EPSS Score
0.0
Published
2021-05-27
CVE-2021-33194
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-05-26
CVE-2021-27918
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-03-11
CVE-2020-29509
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-14
CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
CVE-2020-29511
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved