Search CVE reports
1 – 10 of 12 results
CVE-2024-24786
Medium prioritySome fixes available 9 of 18
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the...
3 affected packages
golang-google-protobuf, google-guest-agent, google-osconfig-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-google-protobuf | Needs evaluation | Needs evaluation | Not in release | — | — |
google-guest-agent | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
google-osconfig-agent | Fixed | Fixed | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-3978
Medium priorityText nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
4 affected packages
containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-24535
Medium priorityParsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
4 affected packages
golang-github-golang-protobuf-1-3, golang-github-golang-protobuf-1-5, golang-goprotobuf, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-golang-protobuf-1-3 | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
golang-github-golang-protobuf-1-5 | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
golang-goprotobuf | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-41723
Medium prioritySome fixes available 10 of 29
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
16 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
golang-1.17 | Not in release | Fixed | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Not in release |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release | Ignored |
google-guest-agent | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2022-41721
Medium priorityA request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead...
2 affected packages
golang-golang-x-net, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-golang-x-net | — | Not affected | Not in release | Not in release | Ignored |
google-guest-agent | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-27664
Medium prioritySome fixes available 15 of 32
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
14 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang | — | Not in release | Not in release | Not in release | Ignored |
golang-1.10 | — | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | — | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | — | Vulnerable | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.6 | — | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | — | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | — | Not in release | Not in release | Vulnerable | Ignored |
golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2022-29583
Medium priority** DISPUTED ** service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced...
2 affected packages
golang-github-kardianos-service, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-kardianos-service | — | Not affected | Not affected | Not in release | Not in release |
google-guest-agent | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-44716
Medium prioritySome fixes available 5 of 21
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
8 affected packages
golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.15 | — | — | Not in release | Not in release | Ignored |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Ignored |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
golang-golang-x-net | Not affected | Not affected | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Vulnerable | Vulnerable | Needs evaluation |
google-guest-agent | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2021-31525
Low prioritynet/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.15 | — | — | Not in release | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-golang-x-net | Not affected | Not affected | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
CVE-2021-33194
Medium prioritygolang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
3 affected packages
golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |