VulnerableCode Package Details - pkg:deb/debian/golang-1.11@1.11.6-1%2Bdeb10u4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7ahs-f1qh-g7an	Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.	CVE-2021-3114
VCID-dwge-3up7-yyaq	Withdrawn Advisory: Infinite loop in xz ### Withdrawn Advisory This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time. ### Original Description Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.	CVE-2020-16845 GHSA-q6gq-997w-f55g
VCID-ry9q-vr9h-cbg2	Helm uses crypto package vulnerable to panic from malformed X.509 certificate The Helm core maintainers have identified a high severity security vulnerability in Go's `crypto` package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. ### Impact Go before 1.12.16 and 1.13.x before 1.13.7 (and the `crypto/cryptobyte` package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients resulting in a panic via a malformed X.509 certificate. This may allow a remote attacker to cause a denial of service. ### Patches A patch to compile Helm against Go 1.14.4 has been provided for Helm 2 and is available in Helm 2.16.8. Helm 3.1.0 and newer are compiled against Go 1.13.7+. ### Workarounds No workaround is available. Users are urged to upgrade. ### References - https://nvd.nist.gov/vuln/detail/CVE-2020-7919 - https://github.com/helm/helm/pull/8288 ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Helm repository](https://github.com/helm/helm/issues) * For security-specific issues, email us at <cncf-helm-security@lists.cncf.io>	CVE-2020-7919 GHSA-cjjc-xp8v-855w
VCID-w9qm-pwnh-4ydj	golang: data race in certain net/http servers including ReverseProxy can lead to DoS	CVE-2020-15586

Vulnerability

Summary

Aliases

VCID-7ahs-f1qh-g7an

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

CVE-2021-3114

VCID-dwge-3up7-yyaq

Withdrawn Advisory: Infinite loop in xz ### Withdrawn Advisory This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time. ### Original Description Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVE-2020-16845
GHSA-q6gq-997w-f55g

VCID-ry9q-vr9h-cbg2

Helm uses crypto package vulnerable to panic from malformed X.509 certificate The Helm core maintainers have identified a high severity security vulnerability in Go's `crypto` package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. ### Impact Go before 1.12.16 and 1.13.x before 1.13.7 (and the `crypto/cryptobyte` package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients resulting in a panic via a malformed X.509 certificate. This may allow a remote attacker to cause a denial of service. ### Patches A patch to compile Helm against Go 1.14.4 has been provided for Helm 2 and is available in Helm 2.16.8. Helm 3.1.0 and newer are compiled against Go 1.13.7+. ### Workarounds No workaround is available. Users are urged to upgrade. ### References - https://nvd.nist.gov/vuln/detail/CVE-2020-7919 - https://github.com/helm/helm/pull/8288 ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Helm repository](https://github.com/helm/helm/issues) * For security-specific issues, email us at <cncf-helm-security@lists.cncf.io>

CVE-2020-7919
GHSA-cjjc-xp8v-855w

VCID-w9qm-pwnh-4ydj

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

CVE-2020-15586

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T15:15:01.188732+00:00	Debian Oval Importer	Fixing	VCID-7ahs-f1qh-g7an	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T15:04:33.804848+00:00	Debian Oval Importer	Fixing	VCID-dwge-3up7-yyaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:51:20.259996+00:00	Debian Oval Importer	Fixing	VCID-ry9q-vr9h-cbg2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:46:54.637896+00:00	Debian Oval Importer	Fixing	VCID-w9qm-pwnh-4ydj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-11T15:03:20.614550+00:00	Debian Oval Importer	Fixing	VCID-7ahs-f1qh-g7an	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:52:51.343918+00:00	Debian Oval Importer	Fixing	VCID-dwge-3up7-yyaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:39:34.771534+00:00	Debian Oval Importer	Fixing	VCID-ry9q-vr9h-cbg2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:35:09.530095+00:00	Debian Oval Importer	Fixing	VCID-w9qm-pwnh-4ydj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-08T14:58:51.515402+00:00	Debian Oval Importer	Fixing	VCID-7ahs-f1qh-g7an	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:25:23.534374+00:00	Debian Oval Importer	Fixing	VCID-dwge-3up7-yyaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:12:37.524632+00:00	Debian Oval Importer	Fixing	VCID-ry9q-vr9h-cbg2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:08:20.810978+00:00	Debian Oval Importer	Fixing	VCID-w9qm-pwnh-4ydj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0