Vulnerabilidades em Go standard library
111 resultadosCVE-2023-24536HIGHExcessive resource consumption in net/http, net/textproto and mime/multipartEPSS 1.5%CVE-2024-24791HIGHDenial of service due to improper 100-continue handling in net/httpEPSS 1.4%CVE-2022-30635HIGHStack exhaustion when decoding certain messages in encoding/gobEPSS 1.4%CVE-2023-24537HIGHInfinite loop in parsing in go/scannerEPSS 1.4%CVE-2022-41715—Memory exhaustion when compiling regular expressions in regexp/syntaxEPSS 1.3%CVE-2023-29409—Large RSA keys can cause high CPU usage in crypto/tlsEPSS 1.3%CVE-2023-29406—Insufficient sanitization of Host header in net/httpEPSS 1.3%CVE-2023-45287—Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channelEPSS 1.3%CVE-2022-41725—Excessive resource consumption in mime/multipartEPSS 1.2%CVE-2023-39326—Denial of service via chunk extensions in net/httpEPSS 1.2%CVE-2022-41720HIGHRestricted file access on Windows in os and net/httpEPSS 1.2%CVE-2023-45290MEDIUMMemory exhaustion in multipart form parsing in net/textproto and net/httpEPSS 1.2%CVE-2023-39322—Memory exhaustion in QUIC connection handling in crypto/tlsEPSS 1.1%CVE-2023-39321—Panic when processing post-handshake message on QUIC connections in crypto/tlsEPSS 1.1%CVE-2024-34156HIGHStack exhaustion in Decoder.Decode in encoding/gobEPSS 1.1%CVE-2022-1705MEDIUMImproper sanitization of Transfer-Encoding headers in net/httpEPSS 1.1%CVE-2022-32148MEDIUMExposure of client IP addresses in net/httpEPSS 1.1%CVE-2022-41724—Panic on large handshake records in crypto/tlsEPSS 1.1%CVE-2022-2880—Incorrect sanitization of forwarded query parameters in net/http/httputilEPSS 1.1%CVE-2023-45289MEDIUMIncorrect forwarding of sensitive headers and cookies on HTTP redirect in net/httpEPSS 1.1%