[FREEBSD:15888C7E-E659-11EC-B7FE-10C37B4AC2EA] go -- multiple vulnerabilities
Severity
High
Affected Packages
2
CVEs
4
The Go project reports:
crypto/rand: rand.Read hangs with extremely large buffers
On Windows, rand.Read will hang indefinitely if passed a
buffer larger than 1 << 32 - 1 bytes.
crypto/tls: session tickets lack random ticket_age_add
Session tickets generated by crypto/tls did not contain
a randomly generated ticket_age_add. This allows an
attacker that can observe TLS handshakes to correlate
successive connections by comparing ticket ages during
session resumption.
os/exec: empty Cmd.Path can result in running unintended
binary on Windows
If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or
cmd.CombinedOutput are executed when Cmd.Path is unset
and, in the working directory, there are binaries named
either "..com" or "..exe", they will be executed.
path/filepath: Clean(`.\c:`) returns `c:` on Windows
On Windows, the filepath.Clean function could convert an
invalid path to a valid, absolute path. For example,
Clean(`.\c:`) returned `c:`.
Package | Affected Version |
---|---|
pkg:freebsd/go118 | < 1.18.3 |
pkg:freebsd/go117 | < 1.17.11 |
- ID
- FREEBSD:15888C7E-E659-11EC-B7FE-10C37B4AC2EA
- Severity
- high
- Severity from
- CVE-2022-30580
- URL
- http://vuxml.freebsd.org/freebsd/15888c7e-e659-11ec-b7fe-10c37b4ac2ea.html
- Published
-
2022-06-01T00:00:00
(2 years ago) - Modified
-
2022-06-07T00:00:00
(2 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS-2022-1635
- ALAS-2023-1731
- ALAS2-2022-1846
- ALAS2-2022-1847
- ALAS2-2022-1858
- ALAS2-2022-1859
- ALAS2-2022-1860
- ALAS2-2022-1861
- ALAS2-2022-1862
- ALAS2-2022-1863
- ALAS2-2022-1864
- ALAS2-2022-1865
- ALAS2-2023-2015
- ALPINE:CVE-2022-29804
- ALPINE:CVE-2022-30580
- ALPINE:CVE-2022-30629
- ALPINE:CVE-2022-30634
- ALSA-2023:2253
- ALSA-2023:2282
- ALSA-2023:2283
- ALSA-2023:2367
- ALSA-2023:2758
- ELSA-2022-17956
- ELSA-2022-17957
- ELSA-2023-2253
- ELSA-2023-2282
- ELSA-2023-2283
- ELSA-2023-2367
- ELSA-2023-2758
- FEDORA-2022-13ad572b5a
- FEDORA-2022-30c5ed5625
- FEDORA-2022-3969b64d4b
- FEDORA-2022-3e1ade35db
- FEDORA-2022-4a48180f3f
- FEDORA-2022-4b5537c44c
- FEDORA-2022-5038c3236c
- FEDORA-2022-53e0f427dd
- FEDORA-2022-5ef0bd9a27
- FEDORA-2022-6716cd0da2
- FEDORA-2022-739c7a0058
- FEDORA-2022-741325e9a0
- FEDORA-2022-8bf5635efc
- FEDORA-2022-9986fbb3d7
- FEDORA-2022-9a9a638d09
- FEDORA-2022-b0bd0219ff
- FEDORA-2022-ba365d3703
- FEDORA-2022-e674d52438
- FEDORA-2022-ea8f4e232d
- FEDORA-2022-fae3ecee19
- FEDORA-2023-e8c27ba884
- FEDORA-2024-80e062d21a
- FEDORA-2024-9cc0e0c63e
- FEDORA-2024-d652859efb
- GLSA-202208-02
- GO-2022-0477
- GO-2022-0531
- GO-2022-0532
- GO-2022-0533
- MS:CVE-2022-30580
- MS:CVE-2022-30629
- RHSA-2022:5775
- RHSA-2022:5799
- RHSA-2023:2253
- RHSA-2023:2282
- RHSA-2023:2283
- RHSA-2023:2367
- RHSA-2023:2758
- SUSE-SU-2022:2004-1
- SUSE-SU-2022:2005-1
- SUSE-SU-2023:2312-1
- USN-6038-1
- USN-6038-2
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://groups.google.com/g/golang-dev/c/DidEMYAH_n0 | ||
FreeBSD VuXML | https://go.dev/issue/52561 | ||
FreeBSD VuXML | https://go.dev/issue/52814 | ||
FreeBSD VuXML | https://go.dev/issue/52574 | ||
FreeBSD VuXML | https://go.dev/issue/52476 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |