QID 354064

Date Published: 2022-10-13

QID 354064: Amazon Linux Security Advisory for golist : ALAS2-2022-1847

  • A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. (CVE-2022-1705)
  • A flaw was found in the golang standard library, go/parser. When calling any parse functions on Go source code that contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability. (CVE-2022-1962)
  • Authorization bypass through user-controlled key in GitHub repository emicklei/go-restful prior to v3.8.0. (CVE-2022-1996)
  • A buffer overflow flaw was found in golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability. (CVE-2022-24675)
  • A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. (CVE-2022-27191)
  • A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, which allows an attacker to impact system availability.

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as Critical - 9.1 severity.
  • CVSS V2 rated as High - 6.4 severity.
  • Solution
    Please refer to Amazon advisory ALAS2-2022-1847 for affected packages and patching details, or update with your package manager.
  • Vendor References
    Software Advisories

    Advisory ID       Software Component   Link
    ALAS2-2022-1847   Amazon Linux 2       alas.aws.amazon.com/AL2/ALAS-2022-1847.html