Software Detail

Software Informaton Top

Programming

Software Detail

Number Of NVD

138

CRITICAL

HIGH

MEDIUM

LOW

URL	https://golang.org/
Explanation	It is a programming language developed by Google. It has a simple syntax and can be coded by anyone to look the same. It has been adopted by many companies because it is good at parallel processing and can perform well on multi-core systems. Since it is cross-compatible, it can be run in a variety of environments including Windows, Linux, Mac, and Android. As a result of prioritizing simplicity, there are some disadvantages such as the lack of exception handling (there are alternative functions), which is common in other languages. This may be implemented in the future. A major release is made about every 6 months. If a critical bug or security issue is fixed during the major release, a minor release is made. The last two major releases are supported and covered. Since major releases are made about every six months, the major version a year ago will no longer be supported.
Tag	BSD License オープンソース

Add Information URL

No	Type	Name	URL
1			https://github.com/golang/go/wiki/Go-Release-Cycle
2			https://golang.org/doc/devel/release.html
3			https://github.com/golang/go/wiki/MinorReleases
4			https://golang.org/security
5			https://golang.org/doc/copyright.html

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
131	go 1.21	1.21.13	Aug. 6, 2024	June 16, 2023	2	14	12	1
132	go 1.20	1.20.7	Aug. 1, 2023	Feb. 1, 2023	6	22	14	1
133	go 1.19	1.19.13	Sept. 6, 2023	Aug. 2, 2022	6	29	15	1
134	Go 1.18	1.18.10	Jan. 10, 2023	March 15, 2022	6	41	19	2
135	Go 1.17	1.17.13	Aug. 1, 2022	Aug. 16, 2021	8	47	20	2
136	Go 1.16	1.16.15	March 3, 2022	Feb. 16, 2021	8	53	27	2
137	Go 1.15	1.15.15	Aug. 4, 2021	Aug. 11, 2020	8	58	29	2
138	Go 1.14	1.14.15	Feb. 4, 2021	Feb. 25, 2020	8	58	31	2
139	Go 1.13	1.13.15	Aug. 6, 2020	Sept. 3, 2019	8	62	31	2
140	Go 1.12	1.12.17	Feb. 12, 2020	Feb. 25, 2019	10	63	31	2
141	go 1.9	1.9.7			11	66	32	2
142	go 1.8	1.8.7			11	66	33	2
143	go 1.7	1.7.6			11	69	33	2
144	go 1.6	1.6.4			11	71	33	2
145	go 1.5	1.5.4			11	72	33	2
146	go 1.4	1.4.3			14	70	33	2
147	go 1.3	1.3.3			14	70	34	2
148	go 1.2	1.20.7	Aug. 1, 2023		14	71	35	2
149	go 1.12	1.12.9			10	63	31	2
150	go 1.11	1.11.9			10	63	32	2
151	go 1.10	1.10.8			10	66	31	2
152	go 1.1	1.19.13	Sept. 6, 2023		14	72	35	2
153	go 1.0	1.0.3			15	70	33	2
154	go 0.0	0.0.0-20201203163018-be400aefbc4c			14	69	33	2

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
131	7.5 5.0	HIGH Network	The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generat…	CWE-769 DEPRECATED: Uncontrolled File Descriptor Consumption	CVE-2017-1000098	cpe:2.3:a:golang:go::	1.7		1.6.4 1.7.4	2024-11-21 12:04 2017-10-5	Show	GitHub Exploit DB Packet Storm

132	7.5 5.0	HIGH Network	On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verif…	CWE-295 Improper Certificate Validation	CVE-2017-1000097	cpe:2.3:a:golang:go::	1.7		1.6.4 1.7.4	2024-11-21 12:04 2017-10-5	Show	GitHub Exploit DB Packet Storm

133	5.9 4.3	MEDIUM Network	A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input po…	CWE-682 Incorrect Calculation	CVE-2017-8932	cpe:2.3:a:golang:go:1.8:* cpe:2.3:a:golang:go:1.8.1:* cpe:2.3:a:golang:go::		1.7.5		2024-11-21 12:35 2017-07-7	Show	GitHub Exploit DB Packet Storm

134	8.1 6.8	HIGH Network	The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client da…	CWE-284 Improper Access Control	CVE-2016-5386	cpe:2.3:a:golang:go:1.7:rc1 cpe:2.3:a:golang:go::	1.0		1.6.3	2024-11-21 11:54 2016-07-19	Show	GitHub Exploit DB Packet Storm

135	7.5 5.0	HIGH Network	The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a …	CWE-20 Improper Input Validation	CVE-2016-3959	cpe:2.3:a:golang:go:1.6:* cpe:2.3:a:golang:go::		1.5		2024-11-21 11:51 2016-05-24	Show	GitHub Exploit DB Packet Storm

136	7.8 7.2	HIGH Local	Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-3958	cpe:2.3:a:golang:go:1.6:* cpe:2.3:a:golang:go::	1.6 1.5		1.6.1 1.5.4	2024-11-21 11:51 2016-05-24	Show	GitHub Exploit DB Packet Storm

137	7.5 5.0	HIGH Network	The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys…	CWE-200 Information Exposure	CVE-2015-8618	cpe:2.3:a:golang:go:1.5:* cpe:2.3:a:golang:go:1.5.2:* cpe:2.3:a:golang:go:1.5.1:*				2024-11-21 11:38 2016-01-28	Show	GitHub Exploit DB Packet Storm

138	- 4.3	MEDIUM	crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-7189	cpe:2.3:a:golang:go:1.3:* cpe:2.3:a:golang:go:1.3.1:* cpe:2.3:a:golang:go:1.2:* cpe:2.3:a:golang:go:1.2.2:*				2024-11-21 11:16 2014-10-7	Show	GitHub Exploit DB Packet Storm