Vulnerabilities (CVE)

Filtered by vendor Golang Subscribe
Filtered by product Go
Total 124 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3959 3 Fedoraproject, Golang, Opensuse 3 Fedora, Go, Leap 2024-02-04 5.0 MEDIUM 7.5 HIGH
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
CVE-2015-8618 2 Golang, Opensuse 2 Go, Leap 2024-02-04 5.0 MEDIUM 7.5 HIGH
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
CVE-2016-5386 4 Fedoraproject, Golang, Oracle and 1 more 6 Fedora, Go, Linux and 3 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVE-2016-3958 1 Golang 1 Go 2024-02-04 7.2 HIGH 7.8 HIGH
Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.