FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3d73e384-ad1f-11ed-983c-83fe35862e3a	go -- multiple vulnerabilities The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b. net/http, mime/multipart: denial of service from excessive resource consumption Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. crypto/tls: large handshake records may cause panics Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. net/http: avoid quadratic complexity in HPACK decoding A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Discovery 2023-02-14 Entry 2023-02-15 go119 < 1.19.6 go120 < 1.20.1 CVE-2022-41722 CVE-2022-41725 CVE-2022-41724 CVE-2022-41723 https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ
742279d6-bdbe-11ed-a179-2b68e9d12706	go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The Go project reports: crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). Discovery 2023-02-22 Entry 2023-03-08 go119 < 1.19.7 go120 < 1.20.2 CVE-2023-24532 https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ

VuXML ID

Description

3d73e384-ad1f-11ed-983c-83fe35862e3a

go -- multiple vulnerabilities

The Go project reports:

path/filepath: path traversal in filepath.Clean on Windows

On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b.

net/http, mime/multipart: denial of service from excessive resource consumption

Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue.

crypto/tls: large handshake records may cause panics

Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses.

net/http: avoid quadratic complexity in HPACK decoding

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Discovery 2023-02-14
Entry 2023-02-15
go119

< 1.19.6

go120

< 1.20.1

CVE-2022-41722
CVE-2022-41725
CVE-2022-41724
CVE-2022-41723
https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ

742279d6-bdbe-11ed-a179-2b68e9d12706

go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

The Go project reports:

crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve).

Discovery 2023-02-22
Entry 2023-03-08
go119

< 1.19.7

go120

< 1.20.2

CVE-2023-24532
https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ