Search CVE reports
11 – 19 of 19 results
Some fixes available 8 of 23
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
8 affected packages
golang-1.11, golang-1.17, golang-1.7, golang-1.8, golang-golang-x-net...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.17 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-golang-x-net | Not affected | Not affected | Not affected | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| google-guest-agent | Fixed | Fixed | Fixed | Fixed | Vulnerable |
| golang-1.15 | — | — | — | Not in release | Not in release |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.15 | — | — | — | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Not in release | Ignored | Ignored |
| golang-golang-x-net | Not affected | Not affected | Not affected | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Ignored | Ignored |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 10
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
4 affected packages
golang-golang-x-net-dev, google-guest-agent, golang-golang-x-net, lxd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | — | Not in release | Not in release | Fixed | Not affected |
| google-guest-agent | — | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net | — | Not affected | Not affected | Not in release | Not in release |
| lxd | — | Not in release | Not in release | Not affected | Fixed |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM,...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-go.net-dev | — | — | — | — | Not in release |
| golang-golang-x-net-dev | — | — | — | — | Not affected |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-go.net-dev | — | — | — | — | Not in release |
| golang-golang-x-net-dev | — | — | — | — | Not affected |
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-go.net-dev | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | — | — | — | — | Not affected |
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
1 affected package
golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-golang-x-net-dev | — | — | — | — | Not affected |
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-go.net-dev | — | — | — | — | Not in release |
| golang-golang-x-net-dev | — | — | — | — | Not affected |