ALAS2023-2023-047 --- golang-github-cpuguy83-md2manID: oval:org.secpod.oval:def:19500031 | Date: (C)2023-06-12 (M)2024-02-26 |
Class: PATCH | Family: unix |
2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability. A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (CVE-2022-24675(CVE-2022-27191(CVE-2022-28131(((CVE-2022-28327(CVE-2022-29526(CVE-2022-30629(CVE-2022-30630(CVE-2022-30631(CVE-2022-30632(CVE-2022-30633(CVE-2022-30635(CVE-2022-32148
Platform: |
Amazon Linux 2023 |
Product: |
golang-github-cpuguy83-md2man |
compat-golang-github-cpuguy83-md2man-2-devel |