go -- multiple vulnerabilities
The Go project reports:
crypto/tls: restrict RSA keys in certificates to <= 8192 bits
Extremely large RSA keys in certificate chains can cause
a client/server to expend significant CPU time verifying
signatures. Limit this by restricting the size of RSA keys
transmitted during handshakes to <= 8192 bits.
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of
the Host header. A maliciously crafted Host header could
inject additional headers or entire requests. The HTTP/1
client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.
cmd/go: cgo code injection
The go command may generate unexpected code at build
time when using cgo. This may result in unexpected
behavior when running a go program which uses cgo.
runtime: unexpected behavior of setuid/setgid binaries
The Go runtime didn't act any differently when a binary
had the setuid/setgid bit set. On Unix platforms, if a
setuid/setgid binary was executed with standard I/O file
descriptors closed, opening any files could result in
unexpected content being read/written with elevated
privileges. Similarly if a setuid/setgid program was
terminated, either via panic or signal, it could leak the
contents of its registers.
cmd/go: improper sanitization of LDFLAGS
The go command may execute arbitrary code at build time
when using cgo. This may occur when running "go get" on a
malicious module, or when running any other command which
builds untrusted code. This can be triggered by linker
flags, specified via a "#cgo LDFLAGS" directive.
html/template: improper sanitization of CSS values
Angle brackets (<>) were not considered dangerous
characters when inserted into CSS contexts. Templates
containing multiple actions separated by a '/' character
could result in unexpectedly closing the CSS context and
allowing for injection of unexpected HTML, if executed
with untrusted input.
html/template: improper handling of JavaScript whitespace
Not all valid JavaScript whitespace characters were
considered to be whitespace. Templates containing
whitespace characters outside of the character set
"\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that
also contain actions may not be properly sanitized
during execution.
html/template: improper handling of empty HTML attributes
Templates containing actions in unquoted HTML attributes
(e.g. "attr={{.}}") executed with empty input could
result in output that would have unexpected results when
parsed due to HTML normalization rules. This may allow
injection of arbitrary attributes into tags.
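For the crypto/tls item above, the following is an added example (not code from the Go project or from this advisory) of a VerifyPeerCertificate hook that enforces the same 8192-bit RSA limit as a policy check; checkRSAKeySizes, rsaLimitedConfig and selfSignedRSA are assumed helper names, and the self-signed certificate is constructed test input.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkRSAKeySizes parses each DER certificate of a presented chain and rejects
// any RSA public key larger than maxBits; non-RSA keys are left alone.
func checkRSAKeySizes(rawCerts [][]byte, maxBits int) error {
	for i, der := range rawCerts {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return fmt.Errorf("cert %d: %w", i, err)
		}
		if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() > maxBits {
			return fmt.Errorf("cert %d: RSA key is %d bits, limit %d", i, pub.N.BitLen(), maxBits)
		}
	}
	return nil
}

// rsaLimitedConfig wires the check into tls.Config.VerifyPeerCertificate, which
// receives the raw peer chain (note: it runs after crypto/tls's own verification).
func rsaLimitedConfig() *tls.Config {
	return &tls.Config{
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			return checkRSAKeySizes(rawCerts, 8192) // same limit the Go fix enforces
		},
	}
}

// selfSignedRSA builds a throwaway self-signed certificate (constructed test input;
// errors are ignored because this is demo input only, never production code).
func selfSignedRSA(bits int) []byte {
	key, _ := rsa.GenerateKey(rand.Reader, bits)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der
}

func main() {
	der := selfSignedRSA(2048)
	fmt.Println(checkRSAKeySizes([][]byte{der}, 8192), checkRSAKeySizes([][]byte{der}, 1024))
}
```

Because VerifyPeerCertificate is invoked after the standard chain verification, an unpatched client has already paid the signature-verification cost by the time the hook rejects the chain; the hook surfaces oversized keys for logging and policy, but the upgrade remains the actual fix.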
Discovery: 2023-04-27
Entry: 2023-08-02
Affected packages:
  go119 < 1.19.12
  go120 < 1.20.7
References:
  CVE-2023-29406
  CVE-2023-29402
  CVE-2023-29403
  CVE-2023-29404
  CVE-2023-24539
  CVE-2023-24540
  CVE-2023-29400
  https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI
  https://groups.google.com/u/1/g/golang-announce/c/2q13H6LEEx0
  https://groups.google.com/u/1/g/golang-announce/c/q5135a9d924
  https://groups.google.com/u/1/g/golang-announce/c/MEb0UyuSMsU