National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:golang:go:1.3:rc1
There are 24 matching records.
Displaying matches 21 through 24.
Vuln ID Summary CVSS Severity
CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published: July 18, 2016; 10:00:18 PM -04:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

Published: May 23, 2016; 03:59:04 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-3958

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

Published: May 23, 2016; 03:59:03 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2014-7189

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Published: October 07, 2014; 10:55:07 AM -04:00
    V2: 4.3 MEDIUM