go1.19 (SUSE:Linux Enterprise Module for Development Tools 15 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP3 package go1.19, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2022-41720 — CVSS 7.5 (high): On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of…
CVE-2022-2879 — CVSS 7.5 (high): Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded…
CVE-2022-2880 — CVSS 7.5 (high): Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by…
CVE-2022-32190 — CVSS 7.5 (high): JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go")…
CVE-2022-41715 — CVSS 7.5 (high): Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed…
CVE-2022-41716 — CVSS 7.5 (high): Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and…
CVE-2022-27664 — CVSS 7.5 (high): In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang…
CVE-2022-41717 — CVSS 5.3 (medium): An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP…