FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
15888c7e-e659-11ec-b7fe-10c37b4ac2eago -- multiple vulnerabilities

The Go project reports:

crypto/rand: rand.Read hangs with extremely large buffers

On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 << 32 - 1 bytes.

crypto/tls: session tickets lack random ticket_age_add

Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

os/exec: empty Cmd.Path can result in running unintended binary on Windows

If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput are executed when Cmd.Path is unset and, in the working directory, there are binaries named either "..com" or "..exe", they will be executed.

path/filepath: Clean(`.\c:`) returns `c:` on Windows

On Windows, the filepath.Clean function could convert an invalid path to a valid, absolute path. For example, Clean(`.\c:`) returned `c:`.


Discovery 2022-06-01
Entry 2022-06-07
go118
< 1.18.3

go117
< 1.17.11

https://groups.google.com/g/golang-dev/c/DidEMYAH_n0
CVE-2022-30634
https://go.dev/issue/52561
CVE-2022-30629
https://go.dev/issue/52814
CVE-2022-30580
https://go.dev/issue/52574
CVE-2022-29804
https://go.dev/issue/52476