漏洞信息详情

Golang Go crypto 安全漏洞

  • CNNVD编号:CNNVD-202006-1195
  • 危害等级: 高危
  • CVE编号: CVE-2020-14040
  • 漏洞类型: 其他
  • 发布时间: 2020-06-17
  • 威胁类型: 远程
  • 更新时间: 2021-08-13
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

Golang Go crypto是Golang社区的一款基于 Go 语言的加密代码库。

Golang Go x/text package 0.3.3之前版本存在安全漏洞。攻击者可利用该漏洞导致UTF-16解码器进入无限循环,进而导致程序崩溃或内存不足。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0

参考网址

来源:MISC

链接:https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158798/Red-Hat-Security-Advisory-2020-3372-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/160125/Red-Hat-Security-Advisory-2020-5149-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4171/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1225

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162696/Red-Hat-Security-Advisory-2021-2039-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-has-been-found-in-x-test-pacakge-before-0-3-3-for-go-that-could-lead-to-an-infinite-loop-affecting-ibm-cloud-pak-for-applications/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1406

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2714/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/160580/Red-Hat-Security-Advisory-2020-5606-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4513/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159515/Red-Hat-Security-Advisory-2020-4214-01.html

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021050603

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3488/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3890/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1193

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163798/Red-Hat-Security-Advisory-2021-3140-01.html

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Go-overload-via-UTF-BOM-33267

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3700/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-14040

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162151/Red-Hat-Security-Advisory-2021-1168-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158512/Red-Hat-Security-Advisory-2020-3087-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159880/Red-Hat-Security-Advisory-2020-4694-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0864

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159095/Red-Hat-Security-Advisory-2020-3578-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159999/Red-Hat-Security-Advisory-2020-5055-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4100/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1759

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159187/Red-Hat-Security-Advisory-2020-3727-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4461/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0691

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162337/Red-Hat-Security-Advisory-2021-1369-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/161286/Red-Hat-Security-Advisory-2021-0420-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2517/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2731

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3081/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159725/Red-Hat-Security-Advisory-2020-4297-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-in-encoding-unicode-in-the-utf-16-decoder-has-been-found-in-x-text-package-before-v0-3-3-for-go-that-could-lead-to-an-infinite-loop-and-denial-of-service-affecting/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/160197/Red-Hat-Security-Advisory-2020-5198-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3174/

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/48793

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162130/Red-Hat-Security-Advisory-2021-1129-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3223.2/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3994/

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多