CVE-2023-39323

Related Files

Ubuntu Security Notice USN-7111-1

Posted Nov 15, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service

systems | linux, ubuntu

advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24536, CVE-2023-39323, CVE-2023-45288, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24789, CVE-2024-24791, CVE-2024-34155, CVE-2024-34156, CVE-2024-34158

SHA-256 | 8309e2cc82bec72641de9766c00b5b04be56b3f96d79c53bdc77264e677a87a9

Download | Favorite | View

Ubuntu Security Notice USN-7109-1

Posted Nov 14, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service

systems | linux, ubuntu

advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531, CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290

SHA-256 | 58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80a

Download | Favorite | View

Ubuntu Security Notice USN-6574-1

Posted Jan 11, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

tags | advisory, arbitrary, javascript, xss

systems | linux, ubuntu

advisories | CVE-2023-39318, CVE-2023-39323, CVE-2023-39326, CVE-2023-45285

SHA-256 | b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589

Download | Favorite | View