ALAS2023-2023-046 --- golistID: oval:org.secpod.oval:def:19500050 | Date: (C)2023-06-12 (M)2024-02-26 |
Class: PATCH | Family: unix |
2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory.A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability. A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (CVE-2022-24675(CVE-2022-27191(CVE-2022-28131(((CVE-2022-28327(CVE-2022-2879(CVE-2022-29526(CVE-2022-30629(CVE-2022-30630(CVE-2022-30631(CVE-2022-30632(CVE-2022-30633(CVE-2022-30635(CVE-2022-32148(CVE-2022-41715
Platform: |
Amazon Linux 2023 |