[FREEBSD:78F2E491-312D-11EE-85F2-BD89B893FCB4] go -- multiple vulnerabilities

Severity Critical
Affected Packages 2
CVEs 7

The Go project reports:

  crypto/tls: restrict RSA keys in certificates to <= 8192 bits
  Extremely large RSA keys in certificate chains can cause
  a client/server to expend significant CPU time verifying
  signatures. Limit this by restricting the size of RSA keys
  transmitted during handshakes to <= 8192 bits. 


  net/http: insufficient sanitization of Host header
  The HTTP/1 client did not fully validate the contents of
  the Host header. A maliciously crafted Host header could
  inject additional headers or entire requests. The HTTP/1
  client now refuses to send requests containing an
  invalid Request.Host or Request.URL.Host value.


  cmd/go: cgo code injection
  The go command may generate unexpected code at build
  time when using cgo. This may result in unexpected
  behavior when running a go program which uses cgo.


  runtime: unexpected behavior of setuid/setgid binaries
  The Go runtime didn't act any differently when a binary
  had the setuid/setgid bit set. On Unix platforms, if a
  setuid/setgid binary was executed with standard I/O file
  descriptors closed, opening any files could result in
  unexpected content being read/written with elevated
  privileges. Similarly if a setuid/setgid program was
  terminated, either via panic or signal, it could leak the
  contents of its registers.


  cmd/go: improper sanitization of LDFLAGS
  The go command may execute arbitrary code at build time
  when using cgo. This may occur when running "go get" on a
  malicious module, or when running any other command which
  builds untrusted code. This can be triggered by linker
  flags, specified via a "#cgo LDFLAGS" directive.


  html/template: improper sanitization of CSS values

    Angle brackets (<>) were not considered dangerous
    characters when inserted into CSS contexts. Templates
    containing multiple actions separated by a '/' character
    could result in unexpectedly closing the CSS context and
    allowing for injection of unexpected HTML, if executed
    with untrusted input.


  html/template: improper handling of JavaScript whitespace

    Not all valid JavaScript whitespace characters were
    considered to be whitespace. Templates containing
    whitespace characters outside of the character set
    "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that
    also contain actions may not be properly sanitized
    during execution.


  html/template: improper handling of empty HTML attributes

    Templates containing actions in unquoted HTML attributes
    (e.g. "attr={{.}}") executed with empty input could
    result in output that would have unexpected results when
    parsed due to HTML normalization rules. This may allow
    injection of arbitrary attributes into tags.
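
Added example (not part of the advisory and not Go project code): a heuristic lint that flags template actions used as unquoted attribute values, the "attr={{.}}" pattern named in the last item above, so they can be quoted in the template source. The function name and the sample template are constructed for illustration; default {{ }} delimiters are assumed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// action matches one template action; default {{ }} delimiters are assumed.
	action = regexp.MustCompile(`(?s)\{\{.*?\}\}`)
	// control matches actions that emit no value themselves (branches, comments).
	control = regexp.MustCompile(`^\{\{-?\s*(?:(?:if|else|end|range|with)\b|/\*)`)
)

// Constructed sample: .Title and the inner .Q are unquoted attribute values.
const sample = `<a href="{{.URL}}" title={{.Title}}>{{.Text}}</a>
<input name=q value={{if .Q}}{{.Q}}{{end}}>
<p>total = {{.N}}</p>`

// FindUnquotedAttrActions reports value actions that directly follow `attr=`
// inside a tag. Heuristic: tag state is the last '<' or '>' in literal text.
func FindUnquotedAttrActions(src string) []string {
	var hits []string
	inTag, prev, last := false, "", 0
	for _, m := range action.FindAllStringIndex(src, -1) {
		text, act := src[last:m[0]], src[m[0]:m[1]]
		last = m[1]
		if strings.TrimSpace(text) != "" {
			if i := strings.LastIndexAny(text, "<>"); i >= 0 {
				inTag = text[i] == '<'
			}
			prev = text
		}
		if control.MatchString(act) {
			continue // keep prev: a value inside the branch still follows `attr=`
		}
		if inTag && strings.HasSuffix(strings.TrimSpace(prev), "=") {
			line := 1 + strings.Count(src[:m[0]], "\n")
			hits = append(hits, fmt.Sprintf("line %d: %s", line, act))
		}
		prev = ""
	}
	return hits
}

func main() {
	fmt.Println(strings.Join(FindUnquotedAttrActions(sample), "\n"))
}
```

Each reported action is a place to add quotes around the attribute value, for example title="{{.Title}}".
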

Package             Affected Version
pkg:freebsd/go120   < 1.20.7
pkg:freebsd/go119   < 1.19.12

ID: FREEBSD:78F2E491-312D-11EE-85F2-BD89B893FCB4
Severity: critical
Severity from: CVE-2023-29402
URL: http://vuxml.freebsd.org/freebsd/78f2e491-312d-11ee-85f2-bd89b893fcb4.html
Published: 2023-04-27T00:00:00
Modified: 2023-08-02T00:00:00
Rights: FreeBSD VuXML Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/go120 go120 < 1.20.7
Affected pkg:freebsd/go119 go119 < 1.19.12