26 files changed +27 -26
lines changed Original file line number Diff line number Diff line change @@ -28,7 +28,8 @@ modules:
28
28
- ParsePublicKey
29
29
- ParseRawPrivateKey
30
30
- ParseRawPrivateKeyWithPassphrase
31
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field'
31
+ summary : |
32
+ Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh
32
33
description : |
33
34
An attacker can craft an ssh-ed25519 or [email protected] public
34
35
key, such that the library will panic when trying to verify a signature
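Review bot: The new summary at new lines 31-32 is the only one in this change written as a block scalar (`summary : |`), and the only one that states the cause as well as the effect. The other reports use a single-line value such as "Panic in golang.org/x/crypto/ssh". Suggest a one-line scalar here too, with the signature-verification detail left to the description, which already says the library panics when trying to verify a signature.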
Original file line number Diff line number Diff line change 9
9
- NewClientConn
10
10
derived_symbols :
11
11
- Dial
12
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
12
+ summary : Man-in-the-middle attack in golang.org/x/crypto/ssh
13
13
description : |
14
14
By default host key verification is disabled which allows for
15
15
man-in-the-middle attacks against SSH clients if
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ modules:
11
11
derived_symbols :
12
12
- Parse
13
13
- ParseFragment
14
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
14
+ summary : Infinite loop in golang.org/x/net/html
15
15
description : |
16
16
html.Parse does not properly handle "select" tags, which can lead
17
17
to an infinite loop. If parsing user supplied input, this may be used
Original file line number Diff line number Diff line change @@ -12,7 +12,7 @@ modules:
12
12
- package : golang.org/x/text/transform
13
13
symbols :
14
14
- String
15
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
15
+ summary : Infinite loop in golang.org/x/text
16
16
description : |
17
17
An attacker could provide a single byte to a UTF16 decoder instantiated with
18
18
UseBOM or ExpectBOM to trigger an infinite loop if the String function on
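Review bot: The new summary names the module (golang.org/x/text) while the context line above it lists the package golang.org/x/text/transform, and the other summaries in this change name the affected package, for example golang.org/x/text/language. If the module-level name is deliberate because the description refers to a UTF16 decoder rather than to transform itself, that is worth stating in the commit message. Otherwise suggest using the package path for consistency.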
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ modules:
11
11
derived_symbols :
12
12
- Parse
13
13
- ParseFragment
14
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
14
+ summary : Panic in golang.org/x/net/html
15
15
description : |
16
16
The HTML parser does not properly handle "in frameset" insertion mode, and can be made
17
17
to panic when operating on malformed HTML that contains <template> tags. If operating
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ modules:
11
11
- MatchStrings
12
12
- MustParse
13
13
- ParseAcceptLanguage
14
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
14
+ summary : Out-of-bounds read in golang.org/x/text/language
15
15
description : |
16
16
Due to improper index calculation, an incorrectly formatted language tag can cause Parse
17
17
to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
Original file line number Diff line number Diff line change 9
9
- connection.serverAuthenticate
10
10
derived_symbols :
11
11
- NewServerConn
12
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
12
+ summary : Panic in golang.org/x/crypto/ssh
13
13
description : |
14
14
Clients can cause a panic in SSH servers. An attacker can craft
15
15
an authentication request message for the “gssapi-with-mic” method
Original file line number Diff line number Diff line change @@ -12,7 +12,7 @@ modules:
12
12
- ParseFragment
13
13
- ParseFragmentWithOptions
14
14
- ParseWithOptions
15
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
15
+ summary : Infinite loop in golang.org/x/net/html
16
16
description : |
17
17
An attacker can craft an input to ParseFragment that causes it
18
18
to enter an infinite loop and never return.
Original file line number Diff line number Diff line change 7
7
- package : golang.org/x/crypto/ssh
8
8
symbols :
9
9
- ServerConfig.AddHostKey
10
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
10
+ summary : Denial of service in golang.org/x/crypto/ssh
11
11
description : |
12
12
Attackers can cause a crash in SSH servers when the server has been
13
13
configured by passing a Signer to ServerConfig.AddHostKey such that
Original file line number Diff line number Diff line change @@ -10,7 +10,7 @@ modules:
10
10
derived_symbols :
11
11
- Parse
12
12
- ParseFragment
13
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
13
+ summary : Improper input validation in golang.org/x/net/html
14
14
description : |
15
15
The Parse function can panic on some invalid inputs.
16
16
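Review bot: The summary "Improper input validation in golang.org/x/net/html" names a weakness class, but the description on the next line says only that Parse can panic on some invalid inputs. Another report in this change with the same description text is summarised as "Panic in golang.org/x/net/html", and the following report repeats the "Improper input validation" wording for the same description. Suggest using the observable effect ("Panic in golang.org/x/net/html") for all three so that identical descriptions get consistent summaries.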
Original file line number Diff line number Diff line change @@ -10,7 +10,7 @@ modules:
10
10
derived_symbols :
11
11
- Parse
12
12
- ParseFragment
13
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
13
+ summary : Improper input validation in golang.org/x/net/html
14
14
description : |
15
15
The Parse function can panic on some invalid inputs.
16
16
Original file line number Diff line number Diff line change @@ -10,7 +10,7 @@ modules:
10
10
derived_symbols :
11
11
- Parse
12
12
- ParseFragment
13
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
13
+ summary : Panic in golang.org/x/net/html
14
14
description : |
15
15
The Parse function can panic on some invalid inputs.
16
16
Original file line number Diff line number Diff line change 9
9
- amd64
10
10
symbols :
11
11
- XORKeyStream
12
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
12
+ summary : Insufficiently random values in golang.org/x/crypto/salsa20
13
13
description : |
14
14
XORKeyStream generates incorrect and insecure output for very
15
15
large inputs.
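Review bot: The summary "Insufficiently random values in golang.org/x/crypto/salsa20" does not match the description, which says XORKeyStream generates incorrect and insecure output for very large inputs. Nothing in the visible text is about a random source. Suggest wording that reflects the description, for example "Incorrect output for very large inputs in golang.org/x/crypto/salsa20".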
Original file line number Diff line number Diff line change @@ -10,7 +10,7 @@ modules:
10
10
symbols :
11
11
- Verify
12
12
skip_fix : ' TODO: revisit this reason (fix appears to not work with Go <1.18)'
13
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
13
+ summary : Panic in crypto/dsa
14
14
description : |
15
15
Invalid DSA public keys can cause a panic in dsa.Verify. In particular,
16
16
using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a
Original file line number Diff line number Diff line change @@ -13,7 +13,7 @@ modules:
13
13
vulnerable_at : 0.0.0-20200115085410-6d4e4cb37c7d
14
14
packages :
15
15
- package : golang.org/x/crypto/cryptobyte
16
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
16
+ summary : Panic in crypto/x509 and golang.org/x/crypto/cryptobyte
17
17
description : |
18
18
On 32-bit architectures, a malformed input to crypto/x509 or
19
19
the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte
Original file line number Diff line number Diff line change @@ -22,7 +22,7 @@ modules:
22
22
- headerValueContainsToken
23
23
derived_symbols :
24
24
- HeaderValuesContainsToken
25
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
25
+ summary : Panic in net/http and golang.org/x/net/http/httpguts
26
26
description : |
27
27
A malicious HTTP server or client can cause the net/http client
28
28
or server to panic.
Original file line number Diff line number Diff line change @@ -19,7 +19,7 @@ modules:
19
19
- serverConn.canonicalHeader
20
20
derived_symbols :
21
21
- Server.ServeConn
22
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
22
+ summary : Unbounded memory growth in net/http and golang.org/x/net/http2
23
23
description : |
24
24
An attacker can cause unbounded memory growth in servers accepting
25
25
HTTP/2 requests.
Original file line number Diff line number Diff line change @@ -19,7 +19,7 @@ modules:
19
19
- Faccessat
20
20
derived_symbols :
21
21
- Access
22
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
22
+ summary : Incorrect privilege reporting in syscall and golang.org/x/sys/unix
23
23
description : |
24
24
When called with a non-zero flags parameter, the Faccessat function
25
25
can incorrectly report that a file is accessible.
Original file line number Diff line number Diff line change @@ -22,7 +22,7 @@ modules:
22
22
- serverConn.serve
23
23
- serverConn.writeFrame
24
24
- serverConn.scheduleFrameWrite
25
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
25
+ summary : Reset flood in net/http and golang.org/x/net/http
26
26
description : |
27
27
Some HTTP/2 implementations are vulnerable to a reset flood, potentially
28
28
leading to a denial of service.
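Review bot: The package path in the new summary, "golang.org/x/net/http", looks like a typo for golang.org/x/net/http2. The description is about HTTP/2 implementations, and the other HTTP/2 summaries in this change name golang.org/x/net/http2. Suggest "Reset flood in net/http and golang.org/x/net/http2".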
Original file line number Diff line number Diff line change @@ -12,7 +12,7 @@ modules:
12
12
- Dial
13
13
- NewClientConn
14
14
- NewServerConn
15
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
15
+ summary : Panic in golang.org/x/crypto/ssh
16
16
description : |
17
17
Unauthenticated clients can cause a panic in SSH servers.
18
18
Original file line number Diff line number Diff line change @@ -29,7 +29,7 @@ modules:
29
29
- serverConn.goAway
30
30
derived_symbols :
31
31
- Server.ServeConn
32
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
32
+ summary : Denial of service in net/http and golang.org/x/net/http2
33
33
description : |
34
34
HTTP/2 server connections can hang forever waiting for a clean shutdown
35
35
that was preempted by a fatal error. This condition can be exploited
Original file line number Diff line number Diff line change 9
9
- ParseAcceptLanguage
10
10
derived_symbols :
11
11
- MatchStrings
12
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
12
+ summary : Denial of service in golang.org/x/text/language
13
13
description : |
14
14
An attacker may cause a denial of service by crafting an Accept-Language
15
15
header which ParseAcceptLanguage will take significant time to parse.
Original file line number Diff line number Diff line change @@ -29,7 +29,7 @@ modules:
29
29
- serverConn.canonicalHeader
30
30
derived_symbols :
31
31
- Server.ServeConn
32
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
32
+ summary : Excessive memory growth in net/http and golang.org/x/net/http2
33
33
description : |
34
34
An attacker can cause excessive memory growth in a Go server accepting
35
35
HTTP/2 requests.
Original file line number Diff line number Diff line change 9
9
symbols :
10
10
- h2cHandler.ServeHTTP
11
11
- h2cUpgrade
12
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
12
+ summary : Request smuggling in golang.org/x/net/http2/h2c
13
13
description : |
14
14
A request smuggling attack is possible when using MaxBytesHandler.
15
15
Original file line number Diff line number Diff line change @@ -112,7 +112,7 @@ modules:
112
112
derived_symbols :
113
113
- Decoder.DecodeFull
114
114
- Decoder.Write
115
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
115
+ summary : Denial of service in net/http and golang.org/x/net/http2
116
116
description : |
117
117
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
118
118
in the HPACK decoder, sufficient to cause a denial of service from a small
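Review bot: The summary "Denial of service in net/http and golang.org/x/net/http2" is word-for-word the same as the summary given to the HTTP/2 clean-shutdown hang report in this change, so the two entries cannot be told apart from the summary alone. The description here is specific (excessive CPU consumption in the HPACK decoder) and the symbols are Decoder.DecodeFull and Decoder.Write. Suggest a summary that carries that, for example "Excessive CPU consumption in the HPACK decoder in net/http and golang.org/x/net/http2".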
Original file line number Diff line number Diff line change @@ -11,7 +11,7 @@ modules:
11
11
- Decode
12
12
derived_symbols :
13
13
- DecodeConfig
14
- summary : ' TODO(https://go.dev/issue/56443): fill in summary field '
14
+ summary : Denial of service in golang.org/x/image/tiff
15
15
description : |
16
16
An attacker can craft a malformed TIFF image which will consume a
17
17
significant amount of memory when passed to DecodeConfig. This could