FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3d73e384-ad1f-11ed-983c-83fe35862e3a	go -- multiple vulnerabilities The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b. net/http, mime/multipart: denial of service from excessive resource consumption Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. crypto/tls: large handshake records may cause panics Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. net/http: avoid quadratic complexity in HPACK decoding A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Discovery 2023-02-14 Entry 2023-02-15 go119 < 1.19.6 go120 < 1.20.1 CVE-2022-41722 CVE-2022-41725 CVE-2022-41724 CVE-2022-41723 https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ

VuXML ID

Description

3d73e384-ad1f-11ed-983c-83fe35862e3a

go -- multiple vulnerabilities

The Go project reports:

path/filepath: path traversal in filepath.Clean on Windows

On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b.

net/http, mime/multipart: denial of service from excessive resource consumption

Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue.

crypto/tls: large handshake records may cause panics

Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses.

net/http: avoid quadratic complexity in HPACK decoding

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Discovery 2023-02-14
Entry 2023-02-15
go119

< 1.19.6

go120

< 1.20.1

CVE-2022-41722
CVE-2022-41725
CVE-2022-41724
CVE-2022-41723
https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ