tianon / gosu

Simple Go-based setuid+setgid+setgroups+exec
Apache License 2.0

CVE-2021-38297 Security with 1.16.7 of go #99

Closed sellersna closed 2 years ago

sellersna commented 2 years ago

Scan findings for go 1.16.7 (columns as reported by the scanner: CVE, severity, CVSS, package, version, fix status, two age fields, description):

- CVE-2021-38297 | critical | 9.80 | go | 1.16.7 | fixed in 1.17.2, 1.16.9 | > 4 months ago | < 1 hour | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS...
- CVE-2022-23806 | critical | 9.10 | go | 1.16.7 | fixed in 1.17.7, 1.16.14 | 14 days ago | < 1 hour | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that i...
- CVE-2022-23773 | high | 7.50 | go | 1.16.7 | fixed in 1.17.7, 1.16.14 | 14 days ago | < 1 hour | cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect ...

tianon commented 2 years ago

Duplicate of #98