go1.19 (SUSE:Linux Enterprise Real Time 15 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Real Time 15 SP3 package go1.19, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (17)
CVE-2023-29405 — CVSS 9.8 (critical): The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when…
CVE-2023-24538 — CVSS 9.8 (critical): Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used…
CVE-2023-29404 — CVSS 9.8 (critical): The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when…
CVE-2023-24540 — CVSS 9.8 (critical): Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the…
CVE-2023-29402 — CVSS 9.8 (critical): The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program…
CVE-2023-29403 — CVSS 7.8 (high): On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in…
CVE-2023-24537 — CVSS 7.5 (high): Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite…
CVE-2022-41722 — CVSS 7.5 (high): A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path…
CVE-2022-41723 — CVSS 7.5 (high): A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service…
CVE-2022-41724 — CVSS 7.5 (high): Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers…
CVE-2022-41725 — CVSS 7.5 (high): A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with…
CVE-2023-24534 — CVSS 7.5 (high): HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of…
CVE-2023-24536 — CVSS 7.5 (high): Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This…
CVE-2023-29400 — CVSS 7.3 (high): Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected…
CVE-2023-24539 — CVSS 7.3 (high): Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions…
CVE-2023-29406 — CVSS 6.5 (medium): The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers…
CVE-2023-24532 — CVSS 5.3 (medium): The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars…