Search for packages
| purl | pkg:alpm/archlinux/go@2:1.12.7-1 |
| Next non-vulnerable version | 2:1.12.8-1 |
| Latest non-vulnerable version | 2:1.24.3-1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3gua-vux5-aaaq
Aliases: CVE-2019-9512 GHSA-hgr8-6h9x-f7q9 |
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
Affected by 0 other vulnerabilities. |
|
VCID-4ug2-ug11-aaac
Aliases: CVE-2019-14809 |
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. |
Affected by 0 other vulnerabilities. |
|
VCID-6ypc-78mx-aaac
Aliases: CVE-2019-9514 GHSA-39qc-96h7-956f |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:46:51.038616+00:00 | Arch Linux Importer | Affected by | VCID-4ug2-ug11-aaac | https://security.archlinux.org/AVG-1021 | 36.0.0 |
| 2025-03-28T07:46:51.003111+00:00 | Arch Linux Importer | Affected by | VCID-3gua-vux5-aaaq | https://security.archlinux.org/AVG-1021 | 36.0.0 |
| 2025-03-28T07:46:50.970562+00:00 | Arch Linux Importer | Affected by | VCID-6ypc-78mx-aaac | https://security.archlinux.org/AVG-1021 | 36.0.0 |
| 2024-09-18T02:02:11.951073+00:00 | Arch Linux Importer | Affected by | VCID-4ug2-ug11-aaac | https://security.archlinux.org/AVG-1021 | 34.0.1 |
| 2024-09-18T02:02:11.926876+00:00 | Arch Linux Importer | Affected by | VCID-3gua-vux5-aaaq | https://security.archlinux.org/AVG-1021 | 34.0.1 |
| 2024-09-18T02:02:11.903543+00:00 | Arch Linux Importer | Affected by | VCID-6ypc-78mx-aaac | https://security.archlinux.org/AVG-1021 | 34.0.1 |
| 2024-01-03T22:28:14.307315+00:00 | Arch Linux Importer | Affected by | VCID-4ug2-ug11-aaac | https://security.archlinux.org/AVG-1021 | 34.0.0rc1 |
| 2024-01-03T22:28:14.284946+00:00 | Arch Linux Importer | Affected by | VCID-3gua-vux5-aaaq | https://security.archlinux.org/AVG-1021 | 34.0.0rc1 |
| 2024-01-03T22:28:14.263283+00:00 | Arch Linux Importer | Affected by | VCID-6ypc-78mx-aaac | https://security.archlinux.org/AVG-1021 | 34.0.0rc1 |