What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2985-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
April 28, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : golang-1.7
Version        : 1.7.4-2+deb9u5
CVE ID         : CVE-2022-23772 CVE-2022-23806 CVE-2022-24921

Several vulnerabilities were discovered in the Go programming
language. An attacker could trigger a denial-of-service (DoS) or
invalid cryptographic computation.

CVE-2022-23772

    Rat.SetString in math/big has an overflow that can lead to
    Uncontrolled Memory Consumption.

CVE-2022-23806

    Curve.IsOnCurve in crypto/elliptic can incorrectly return true in
    situations with a big.Int value that is not a valid field element.

CVE-2022-24921

    regexp.Compile allows stack exhaustion via a deeply nested
    expression.

For Debian 9 stretch, these problems have been fixed in version
1.7.4-2+deb9u5.

We recommend that you upgrade your golang-1.7 packages.

For the detailed security status of golang-1.7 please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-2985-1: golang-1.7 security update

April 28, 2022
Several vulnerabilities were discovered in the Go programming language

Summary

CVE-2022-23772

Rat.SetString in math/big has an overflow that can lead to
Uncontrolled Memory Consumption.

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic can incorrectly return true in
situations with a big.Int value that is not a valid field element.

CVE-2022-24921

regexp.Compile allows stack exhaustion via a deeply nested
expression.

For Debian 9 stretch, these problems have been fixed in version
1.7.4-2+deb9u5.

We recommend that you upgrade your golang-1.7 packages.

For the detailed security status of golang-1.7 please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : golang-1.7
Version : 1.7.4-2+deb9u5
CVE ID : CVE-2022-23772 CVE-2022-23806 CVE-2022-24921

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Python’s New Security Developer Has Plans to Secure the Language

Nov 26, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo