UbuntuUpdates.org

Bugs fixes in "golang-1.17"

Origin Bug number Title Date fixed
CVE CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. 2024-11-14
CVE CVE-2024-34156 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-202 2024-11-14
CVE CVE-2024-34155 Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. 2024-11-14
CVE CVE-2024-24791 The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 2024-11-14
CVE CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment cou 2024-11-14
CVE CVE-2024-24784 The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conformi 2024-11-14
CVE CVE-2024-24783 Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects 2024-11-14
CVE CVE-2023-45290 When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Requ 2024-11-14
CVE CVE-2023-45288 An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining 2024-11-14
CVE CVE-2023-39323 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed 2024-11-14
CVE CVE-2023-24536 Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems fro 2024-11-14
CVE CVE-2022-41725 A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader 2024-11-14
CVE CVE-2022-41724 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients 2024-11-14
CVE CVE-2022-41723 A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small 2024-11-14
CVE CVE-2024-34158 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. 2024-11-14
CVE CVE-2024-34156 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-202 2024-11-14
CVE CVE-2024-34155 Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. 2024-11-14
CVE CVE-2024-24791 The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 2024-11-14
CVE CVE-2024-24789 The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment cou 2024-11-14
CVE CVE-2024-24784 The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conformi 2024-11-14



About   -   Send Feedback to @ubuntu_updates