Bug fixes in "golang-1.18"
Origin | Bug number | Title | Date fixed |
---|---|---|---|
CVE | CVE-2023-24538 | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, | 2023-04-25 |
CVE | CVE-2023-24537 | Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to | 2023-04-25 |
CVE | CVE-2022-32148 | Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with | 2023-04-25 |
CVE | CVE-2022-30629 | Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshak | 2023-04-25 |
CVE | CVE-2022-29526 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function co | 2023-04-25 |
CVE | CVE-2022-2880 | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. | 2023-04-25 |
CVE | CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of | 2023-04-25 |
CVE | CVE-2023-24534 | HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certai | 2023-04-25 |
CVE | CVE-2022-41717 | An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys | 2023-04-25 |
CVE | CVE-2022-41715 | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp repr | 2023-04-25 |
CVE | CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing | 2023-04-25 |
CVE | CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion | 2023-04-25 |
CVE | CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via u | 2023-04-25 |
CVE | CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a pat | 2023-04-25 |
CVE | CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion vi | 2023-04-25 |
CVE | CVE-2022-30630 | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which | 2023-04-25 |
CVE | CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion vi | 2023-04-25 |
CVE | CVE-2022-27664 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin | 2023-04-25 |
CVE | CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion | 2023-04-25 |
CVE | CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling i | 2023-04-25 |