Vulnerability-Lookup

WID-SEC-W-2026-0129

Vulnerability from csaf_certbund - Published: 2026-01-15 23:00 - Updated: 2026-03-08 23:00

Summary

Golang Go: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Go ist eine quelloffene Programmiersprache.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Go ist eine quelloffene Programmiersprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0129 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0129.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0129 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0129"
      },
      {
        "category": "external",
        "summary": "Go 1.25.6 and Go 1.24.12 release notes vom 2026-01-15",
        "url": "https://seclists.org/oss-sec/2026/q1/68"
      },
      {
        "category": "external",
        "summary": "GitHub Golang Issue 77101 vom 2026-01-15",
        "url": "https://github.com/golang/go/issues/77101"
      },
      {
        "category": "external",
        "summary": "GitHub Golang Issue 77102 vom 2026-01-15",
        "url": "https://github.com/golang/go/issues/77102"
      },
      {
        "category": "external",
        "summary": "GitHub Golang Issue 76443 vom 2026-01-15",
        "url": "https://github.com/golang/go/issues/76443"
      },
      {
        "category": "external",
        "summary": "GitHub Golang Issue 77100 vom 2026-01-15",
        "url": "https://github.com/golang/go/issues/77100"
      },
      {
        "category": "external",
        "summary": "GitHub Golang Issue 77099 vom 2026-01-15",
        "url": "https://github.com/golang/go/issues/77099"
      },
      {
        "category": "external",
        "summary": "GitHub Golang Issue 77113 vom 2026-01-15",
        "url": "https://github.com/golang/go/issues/77113"
      },
      {
        "category": "external",
        "summary": "CoreDNS-1.14.1 Release Notes vom 2026-01-19",
        "url": "https://coredns.io/2026/01/15/coredns-1.14.-release/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10063-1 vom 2026-01-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NH2ETRY5I4475P2G36TA426YNBGAZLJM/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10064-1 vom 2026-01-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EJZDHBHKXYC7TOPJZKAU6QZKMN53VSVC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0219-1 vom 2026-01-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023866.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0218-1 vom 2026-01-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023867.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0298-1 vom 2026-01-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5Q63UO2LYEIXNPXRBOE6F42PWFVTQ6LQ/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0297-1 vom 2026-01-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023924.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0296-1 vom 2026-01-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023920.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0308-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023937.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20122-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023968.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10101-1 vom 2026-01-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MQGDE5WRPP6NKEPWSYQ5WAJ54HTZCN45/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20132-1 vom 2026-01-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023959.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:0032-1 vom 2026-01-30",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YIDNEL2XD2C3R7XQHANV23SKGOE6VLD6/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0354-1 vom 2026-02-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024002.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2ECS-2026-095 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-095.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3135 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3135.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3134 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3134.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-096 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-096.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3138 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3138.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3137 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3137.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3136 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3136.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3146 vom 2026-02-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3146.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0403-1 vom 2026-02-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024084.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0426-1 vom 2026-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024120.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0427-1 vom 2026-02-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024119.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2708 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2708"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20220-1 vom 2026-02-15",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M4EVFYENISTE7WMVDTI7MTPTDXI7IJQ2/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20214-1 vom 2026-02-14",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQX4ETITXJH3KBGH7YHJSZKMZNKVQRWR/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2706 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2706"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2754 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2754"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-2706 vom 2026-02-16",
        "url": "https://linux.oracle.com/errata/ELSA-2026-2706.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2681 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2681"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-2709 vom 2026-02-16",
        "url": "https://linux.oracle.com/errata/ELSA-2026-2709.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-2708 vom 2026-02-16",
        "url": "https://linux.oracle.com/errata/ELSA-2026-2708.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:2708 vom 2026-02-17",
        "url": "https://errata.build.resf.org/RLSA-2026:2708"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:2709 vom 2026-02-17",
        "url": "https://errata.build.resf.org/RLSA-2026:2709"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:2706 vom 2026-02-17",
        "url": "https://errata.build.resf.org/RLSA-2026:2706"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3174 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3174.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2ECS-2026-096 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-096.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20429-1 vom 2026-02-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024343.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20428-1 vom 2026-02-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024344.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-087 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-087.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-088 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-088.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-089 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-089.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-090 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-090.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-091 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-091.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2NITRO-ENCLAVES-2026-092 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2NITRO-ENCLAVES-2026-092.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-2920 vom 2026-02-19",
        "url": "https://linux.oracle.com/errata/ELSA-2026-2920.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-2914 vom 2026-02-19",
        "url": "https://linux.oracle.com/errata/ELSA-2026-2914.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10220-1 vom 2026-02-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I7N2QLT4QQIZC6RCBGA4LQNAUW5NSKRS/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10224-1 vom 2026-02-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MP4XIIXIOQEITZJFXXLA5XOCW3MWGG7L/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3035 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3035"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3040 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3040"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3089 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3089"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3092 vom 2026-02-24",
        "url": "http://linux.oracle.com/errata/ELSA-2026-3092.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3040 vom 2026-02-24",
        "url": "http://linux.oracle.com/errata/ELSA-2026-3040.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3035 vom 2026-02-24",
        "url": "http://linux.oracle.com/errata/ELSA-2026-3035.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3092 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3092"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3192 vom 2026-02-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:3192"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3193 vom 2026-02-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:3193"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3188 vom 2026-02-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:3188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3187 vom 2026-02-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:3187"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3184 vom 2026-02-24",
        "url": "https://access.redhat.com/errata/RHSA-2026:3184"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3291 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3291"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3092 vom 2026-02-24",
        "url": "https://errata.build.resf.org/RLSA-2026:3092"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3298 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3298"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3297 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3297"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3337 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3337"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3187 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3187.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3343 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3343"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3336 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3336"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3188 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3188.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3297 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3297.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3291 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3291.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3298 vom 2026-02-26",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3298.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3336 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3336.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3337 vom 2026-02-26",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3337.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3340 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3340"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3340 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3340.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3341 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3341.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3343 vom 2026-02-25",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3343.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3186 vom 2026-02-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:3186"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3341 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3341"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3427 vom 2026-02-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:3427"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-099 vom 2026-02-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-099.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-102 vom 2026-02-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-102.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-101 vom 2026-02-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-101.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-100 vom 2026-02-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-100.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-098 vom 2026-02-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-098.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2026-097 vom 2026-02-26",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2DOCKER-2026-097.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3336 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3336"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3337 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3337"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3459 vom 2026-02-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:3459"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3343 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3343"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3341 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3341"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3340 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3340"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3298 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3298"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3297 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3297"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3291 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3291"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3187 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3187"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3188 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3188"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0687-1 vom 2026-02-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024507.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3506 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3506"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3473 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3473"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3472 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3472"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3470 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3470"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3469 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3469"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3468 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3468"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3489 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3489"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3556 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3556"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7262283 vom 2026-03-02",
        "url": "https://www.ibm.com/support/pages/node/7262283"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3559 vom 2026-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:3559"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3669 vom 2026-03-03",
        "url": "https://access.redhat.com/errata/RHSA-2026:3669"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0789-1 vom 2026-03-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024529.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3699 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3699"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3668 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3668"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0790-1 vom 2026-03-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024528.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3416 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3416"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3668 vom 2026-03-03",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3668.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0760-1 vom 2026-03-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024556.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3831 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3831"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3833 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3833"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3669 vom 2026-03-04",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3669.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3822 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3822"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3391 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3391"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3821 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3821"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3812 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3812"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3815 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3815"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3752 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3752"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3782 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3782"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3753 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3753"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3816 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3816"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3813 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3813"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3814 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3814"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3818 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3818"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3820 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3820"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3838 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3838"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3835 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3835"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3836 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3836"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3839 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3839"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3840 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3840"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3841 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3841"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3843 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3843"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3668 vom 2026-03-05",
        "url": "https://errata.build.resf.org/RLSA-2026:3668"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3669 vom 2026-03-05",
        "url": "https://errata.build.resf.org/RLSA-2026:3669"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3817 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3817"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3854 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3854"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3864 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3864"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3874 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3874"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3869 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3869"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3879 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3879"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3880 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3880"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3842 vom 2026-03-05",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3842.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3928 vom 2026-03-06",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3928.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3752 vom 2026-03-05",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3752.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3898 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3898"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2ECS-2026-098 vom 2026-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-098.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3931 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3931"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3932 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3932"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3842 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3842"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3753 vom 2026-03-05",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3753.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3928 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3928"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3929 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3929"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3884 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3884"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20301-1 vom 2026-03-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HI5YBRZT7ZAEECO2GZWZ2NF6FI55BMYW/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2ECS-2026-097 vom 2026-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-097.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2ECS-2026-099 vom 2026-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2ECS-2026-099.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3930 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3930"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3959 vom 2026-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:3959"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3864 vom 2026-03-06",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3864.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3958 vom 2026-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:3958"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3960 vom 2026-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:3960"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3842 vom 2026-03-06",
        "url": "https://errata.build.resf.org/RLSA-2026:3842"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3928 vom 2026-03-06",
        "url": "https://errata.build.resf.org/RLSA-2026:3928"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3971 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3971"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3974 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3974"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3864 vom 2026-03-07",
        "url": "https://errata.build.resf.org/RLSA-2026:3864"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3973 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3973"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3972 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3972"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3970 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3970"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20623-1 vom 2026-03-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024649.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20629-1 vom 2026-03-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024646.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3840 vom 2026-03-06",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3840.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3839 vom 2026-03-06",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3839.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Golang Go: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-08T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-09T08:27:08.261+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0129",
      "initial_release_date": "2026-01-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-18T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-01-19T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-01-22T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-01-26T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-01-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE, European Union Vulnerability Database und openSUSE aufgenommen"
        },
        {
          "date": "2026-01-29T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-02-01T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-05T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon, Go und European Union Vulnerability Database aufgenommen"
        },
        {
          "date": "2026-02-08T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-11T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-15T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat und openSUSE aufgenommen"
        },
        {
          "date": "2026-02-16T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-02-18T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon, SUSE und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-02-19T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-02-22T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-23T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-02-24T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-02-25T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2026-02-26T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Amazon, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
        },
        {
          "date": "2026-03-01T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2026-03-02T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat und IBM aufgenommen"
        },
        {
          "date": "2026-03-03T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat, SUSE und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-03-04T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-03-05T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Oracle Linux, Red Hat, Amazon und openSUSE aufgenommen"
        },
        {
          "date": "2026-03-08T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat, Rocky Enterprise Software Foundation, SUSE und Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "26"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.25.6",
                "product": {
                  "name": "Golang Go \u003c1.25.6",
                  "product_id": "T050049"
                }
              },
              {
                "category": "product_version",
                "name": "1.25.6",
                "product": {
                  "name": "Golang Go 1.25.6",
                  "product_id": "T050049-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:golang:go:1.25.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.24.12",
                "product": {
                  "name": "Golang Go \u003c1.24.12",
                  "product_id": "T050051"
                }
              },
              {
                "category": "product_version",
                "name": "1.24.12",
                "product": {
                  "name": "Golang Go 1.24.12",
                  "product_id": "T050051-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:golang:go:1.24.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Go"
          }
        ],
        "category": "vendor",
        "name": "Golang"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM App Connect Enterprise",
            "product": {
              "name": "IBM App Connect Enterprise",
              "product_id": "T032495",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.14.1",
                "product": {
                  "name": "Open Source CoreDNS \u003c1.14.1",
                  "product_id": "T050073"
                }
              },
              {
                "category": "product_version",
                "name": "1.14.1",
                "product": {
                  "name": "Open Source CoreDNS 1.14.1",
                  "product_id": "T050073-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:coredns:coredns:1.14.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CoreDNS"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "distributed tracing platform",
                "product": {
                  "name": "Red Hat OpenShift distributed tracing platform",
                  "product_id": "T051282",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:distributed_tracing_platform"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61726",
      "product_status": {
        "known_affected": [
          "T050051",
          "T050073",
          "T051282",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T050049",
          "T004914",
          "T032255",
          "T032495"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-61726"
    },
    {
      "cve": "CVE-2025-61728",
      "product_status": {
        "known_affected": [
          "T050051",
          "T050073",
          "T051282",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T050049",
          "T004914",
          "T032255",
          "T032495"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-61728"
    },
    {
      "cve": "CVE-2025-61730",
      "product_status": {
        "known_affected": [
          "T050051",
          "T050073",
          "T051282",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T050049",
          "T004914",
          "T032255",
          "T032495"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-61730"
    },
    {
      "cve": "CVE-2025-61731",
      "product_status": {
        "known_affected": [
          "T050051",
          "T050073",
          "T051282",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T050049",
          "T004914",
          "T032255",
          "T032495"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-61731"
    },
    {
      "cve": "CVE-2025-68119",
      "product_status": {
        "known_affected": [
          "T050051",
          "T050073",
          "T051282",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T050049",
          "T004914",
          "T032255",
          "T032495"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-68119"
    },
    {
      "cve": "CVE-2025-68121",
      "product_status": {
        "known_affected": [
          "T050051",
          "T050073",
          "T051282",
          "T002207",
          "67646",
          "T027843",
          "398363",
          "T050049",
          "T004914",
          "T032255",
          "T032495"
        ]
      },
      "release_date": "2026-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-68121"
    }
  ]
}

CVE-2025-68119 (GCVE-0-2025-68119)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-02-26 15:04

Title

Unexpected code execution when invoking toolchain in cmd/go

Summary

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

References

URL

Tags

	https://go.dev/cl/736710
	https://go.dev/issue/77099
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4338

Impacted products

	Vendor	Product	Version
	Go toolchain	cmd/go	Affected: 1.25.0 , < 1.25.6 (semver)

Credits

splitline (@splitline) from DEVCORE Research Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T04:55:55.432053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:45.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "cmd/go",
          "product": "cmd/go",
          "vendor": "Go toolchain",
          "versions": [
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "splitline (@splitline) from DEVCORE Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:30.704Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736710"
        },
        {
          "url": "https://go.dev/issue/77099"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4338"
        }
      ],
      "title": "Unexpected code execution when invoking toolchain in cmd/go"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68119",
    "datePublished": "2026-01-28T19:30:30.704Z",
    "dateReserved": "2025-12-15T16:48:04.450Z",
    "dateUpdated": "2026-02-26T15:04:45.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68121 (GCVE-0-2025-68121)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-02-20 16:05

Title

Unexpected session resumption in crypto/tls

Summary

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

URL

Tags

	https://groups.google.com/g/golang-announce/c/K09…
	https://go.dev/cl/737700
	https://go.dev/issue/77217
	https://pkg.go.dev/vuln/GO-2026-4337

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/tls	Affected: 0 , < 1.24.13 (semver) Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)

Credits

Coia Prant (github.com/rbqvq) Go Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-20T16:05:03.924102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-20T16:05:07.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0-rc.3",
              "status": "affected",
              "version": "1.26.0-rc.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        },
        {
          "lang": "en",
          "value": "Go Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.141Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://go.dev/cl/737700"
        },
        {
          "url": "https://go.dev/issue/77217"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "title": "Unexpected session resumption in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68121",
    "datePublished": "2026-02-05T17:48:44.141Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2026-02-20T16:05:07.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61726 (GCVE-0-2025-61726)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:31

Title

Memory exhaustion in query parameter parsing in net/url

Summary

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/736712
	https://go.dev/issue/77101
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4341

Impacted products

	Vendor	Product	Version
	Go standard library	net/url	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:31:39.150633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:31:59.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseQuery"
            },
            {
              "name": "ParseQuery"
            },
            {
              "name": "URL.Query"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.215Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736712"
        },
        {
          "url": "https://go.dev/issue/77101"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "title": "Memory exhaustion in query parameter parsing in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61726",
    "datePublished": "2026-01-28T19:30:31.215Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:31:59.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61730 (GCVE-0-2025-61730)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-02-02 17:28

Title

Handshake messages may be processed at the incorrect encryption level in crypto/tls

Summary

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-940 - Improper Verification of Source of a Communication Channel

Assigner

References

URL

Tags

	https://go.dev/cl/724120
	https://go.dev/issue/76443
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4340

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/tls	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

Coia Prant (github.com/rbqvq)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61730",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-02T17:28:46.305649Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-02T17:28:49.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handleKeyUpdate"
            },
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "clientHandshakeStateTLS13.establishHandshakeKeys"
            },
            {
              "name": "clientHandshakeStateTLS13.readServerFinished"
            },
            {
              "name": "clientHandshakeStateTLS13.sendClientFinished"
            },
            {
              "name": "serverHandshakeStateTLS13.checkForResumption"
            },
            {
              "name": "serverHandshakeStateTLS13.doHelloRetryRequest"
            },
            {
              "name": "serverHandshakeStateTLS13.sendServerParameters"
            },
            {
              "name": "serverHandshakeStateTLS13.sendServerFinished"
            },
            {
              "name": "serverHandshakeStateTLS13.readClientFinished"
            },
            {
              "name": "Conn.quicSetReadSecret"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.HandleData"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-940: Improper Verification of Source of a Communication Channel",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:30.986Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/724120"
        },
        {
          "url": "https://go.dev/issue/76443"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4340"
        }
      ],
      "title": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61730",
    "datePublished": "2026-01-28T19:30:30.986Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-02-02T17:28:49.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61728 (GCVE-0-2025-61728)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:30

Title

Excessive CPU consumption when building archive index in archive/zip

Summary

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

References

URL

Tags

	https://go.dev/cl/736713
	https://go.dev/issue/77102
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4342

Impacted products

	Vendor	Product	Version
	Go standard library	archive/zip	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-28T20:08:22.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/01/15/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:29:58.068724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:30:24.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "archive/zip",
          "product": "archive/zip",
          "programRoutines": [
            {
              "name": "Reader.initFileList"
            },
            {
              "name": "Reader.Open"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.354Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736713"
        },
        {
          "url": "https://go.dev/issue/77102"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4342"
        }
      ],
      "title": "Excessive CPU consumption when building archive index in archive/zip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61728",
    "datePublished": "2026-01-28T19:30:31.354Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:30:24.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61731 (GCVE-0-2025-61731)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-02-26 15:04

Title

Arbitrary file write using cgo pkg-config directive in cmd/go

Summary

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

References

URL

Tags

	https://go.dev/cl/736711
	https://go.dev/issue/77100
	https://groups.google.com/g/golang-announce/c/Vd2…
	https://pkg.go.dev/vuln/GO-2026-4339

Impacted products

	Vendor	Product	Version
	Go toolchain	cmd/go	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

RyotaK (https://ryotak.net) of GMO Flatt Security Inc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T04:55:56.484332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:45.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "cmd/go",
          "product": "cmd/go",
          "vendor": "Go toolchain",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "RyotaK (https://ryotak.net) of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:30.844Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736711"
        },
        {
          "url": "https://go.dev/issue/77100"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4339"
        }
      ],
      "title": "Arbitrary file write using cgo pkg-config directive in cmd/go"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61731",
    "datePublished": "2026-01-28T19:30:30.844Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-02-26T15:04:45.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0129

CVE-2025-68119 (GCVE-0-2025-68119)

CVE-2025-68121 (GCVE-0-2025-68121)

CVE-2025-61726 (GCVE-0-2025-61726)

CVE-2025-61730 (GCVE-0-2025-61730)

CVE-2025-61728 (GCVE-0-2025-61728)

CVE-2025-61731 (GCVE-0-2025-61731)

Tags

Sightings

Nomenclature