go1.23-openssl (SUSE:Linux Enterprise Module for Development Tools 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP6 package go1.23-openssl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2025-22871 — CVSS 9.1 (critical): The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling…
CVE-2025-4674 — CVSS 8.6 (high): The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS…
CVE-2024-34156 — CVSS 7.5 (high): Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up…
CVE-2024-34158 — CVSS 7.5 (high): Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2025-47907 — CVSS 7.0 (high): Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned…
CVE-2025-4673 — CVSS 6.8 (medium): Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
CVE-2025-47906 — CVSS 6.5 (medium): If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath…
CVE-2024-45341 — CVSS 6.1 (medium): A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the…
CVE-2024-45336 — CVSS 6.1 (medium): The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an…
CVE-2025-0913 — CVSS 5.5 (medium): os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix…
CVE-2025-22870 — CVSS 4.4 (medium): Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY…
CVE-2024-34155 — CVSS 4.3 (medium): Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2025-22866 — CVSS 4.0 (medium): Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret…