redis
redis copied to clipboard
Published
20 hours ago •
docker-library
docker-library
Golang 1.18.2 in latest Redis Image Contains Multiple High Severity Vulnerabilities
The following vulns exist in the tag 7.4.2. Can golang be patched?
| CVE-2022-30632 | 416 | fail | go | high | path/filepath | 1.18.2 | 7.5 | fixed in 1.17.12, 1.18.4 | 23:02.0 | Attack complexity: low, Attack vector: network, DoS - High, Has fix, High severity | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 9 | 15:41.0 | 38:13.0 | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-30630 | 416 | fail | go | high | io/fs | 1.18.2 | 7.5 | fixed in 1.17.12, 1.18.4 | 23:02.0 | Attack complexity: low, Attack vector: network, DoS - High, Has fix, High severity | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 9 | 15:40.0 | 38:13.0 | ||||
| CVE-2023-29403 | 416 | fail | go | high | runtime | 1.18.2 | 7.8 | fixed in 1.19.10, 1.20.5 | 23:02.0 | Attack complexity: low, DoS - High, Has fix, High severity | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | 9 | 15:16.0 | 38:13.0 | ||||
| CVE-2022-30630 | 416 | fail | go | high | io/fs | 1.18.2 | 7.5 | fixed in 1.17.12, 1.18.4 | 23:02.0 | Attack complexity: low, Attack vector: network, DoS - High, Has fix, High severity | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 6 | 15:40.0 | 53:56.0 | ||||
| CVE-2023-29403 | 416 | fail | go | high | runtime | 1.18.2 | 7.8 | fixed in 1.19.10, 1.20.5 | 23:02.0 | Attack complexity: low, DoS - High, Has fix, High severity | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | 6 | 15:16.0 | 53:56.0 | ||||
| CVE-2022-30632 | 416 | fail | go | high | path/filepath | 1.18.2 | 7.5 | fixed in 1.17.12, 1.18.4 | 23:02.0 | Attack complexity: low, Attack vector: network, DoS - High, Has fix, High severity | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 6 | 15:41.0 | 53:56.0 |
