Known Vulnerabilities for Go by Golang
Listed below are 10 of the newest known vulnerabilities associated with "Go" by "Golang".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 - HIGH | 2022-03-05 | 2023-08-08 |
| CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | 7.5 - HIGH | 2022-04-20 | 2023-11-07 |
| CVE-2022-23806 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations wi... | 9.1 - CRITICAL | 2022-02-11 | 2023-04-20 |
| CVE-2022-23773 | cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. Th... | 7.5 - HIGH | 2022-02-11 | 2023-08-08 |
| CVE-2022-23772 | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory ... | 7.5 - HIGH | 2022-02-11 | 2022-11-09 |
| CVE-2021-27919 | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader... | 5.5 - MEDIUM | 2021-03-11 | 2023-11-07 |
| CVE-2021-27918 | encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecod... | 7.5 - HIGH | 2021-03-11 | 2022-12-13 |
| CVE-2021-23772 | This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe... | 8.8 - HIGH | 2021-12-24 | 2022-01-04 |
| CVE-2021-3115 | Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using... | 7.5 - HIGH | 2021-01-26 | 2023-11-07 |
| CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflo... | 6.5 - MEDIUM | 2021-01-26 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Golang | Go | 2018-09-25 | All | All | All |
| Application | Golang | Go | 2018-09-17 | All | All | All |
| Application | Golang | Go | 2018-07-13 | All | All | All |
| Application | Golang | Go | 1.9.7 | All | All | All |
| Application | Golang | Go | 1.9.6 | All | All | All |
| Application | Golang | Go | 1.9.5 | All | All | All |
| Application | Golang | Go | 1.9.4 | All | All | All |
| Application | Golang | Go | 1.9.3 | All | All | All |
| Application | Golang | Go | 1.9.2 | All | All | All |
| Application | Golang | Go | 1.9.1 | All | All | All |
| Application | Golang | Go | 1.9 | - | All | All |
| Application | Golang | Go | 1.9 | beta1 | All | All |
| Application | Golang | Go | 1.9 | beta2 | All | All |
| Application | Golang | Go | 1.9 | rc1 | All | All |
| Application | Golang | Go | 1.9 | rc2 | All | All |
| Application | Golang | Go | 1.8.7 | All | All | All |
| Application | Golang | Go | 1.8.6 | All | All | All |
| Application | Golang | Go | 1.8.5 | - | All | All |
| Application | Golang | Go | 1.8.5 | rc4 | All | All |
| Application | Golang | Go | 1.8.5 | rc5 | All | All |