Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-24536 CVE-2023-39323 CVE-2023-45288 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24789 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 |
CWE-ID | CWE-400 CWE-399 CWE-20 CWE-388 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #6 is available. |
Vulnerable software |
Ubuntu: Operating systems & Components / Operating system
golang-1.17-src (Ubuntu package): Operating systems & Components / Operating system package or component
golang-1.17-go (Ubuntu package): Operating systems & Components / Operating system package or component
golang-1.17 (Ubuntu package): Operating systems & Components / Operating system package or component
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU72686
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41723
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72685
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41724
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in crypto/tls when handling large TLS handshake records. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
The vulnerability affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
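The three affected configurations listed above can be checked mechanically when triaging services built with an unpatched toolchain. The following is an added example, not code from the bulletin or from the Go project; the `Role` type and the `ExposureReasons` and `allows` helpers are hypothetical names, and a zero `MaxVersion` is assumed to mean TLS 1.3, as it does in crypto/tls.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Role says which side of the handshake a tls.Config is used for.
// Hypothetical type for this example; not part of crypto/tls.
type Role int

const (
	Client Role = iota
	Server
)

// allows reports whether cfg permits negotiating protocol version v.
// A zero MaxVersion means "highest version crypto/tls supports" (TLS 1.3),
// and a zero MinVersion never excludes TLS 1.2 or TLS 1.3.
func allows(cfg *tls.Config, v uint16) bool {
	return cfg.MinVersion <= v && (cfg.MaxVersion == 0 || cfg.MaxVersion >= v)
}

// ExposureReasons lists which of the bulletin's three conditions for
// CVE-2022-41724 a configuration matches; an empty result means none apply.
func ExposureReasons(cfg *tls.Config, role Role) []string {
	var reasons []string
	switch role {
	case Client:
		if allows(cfg, tls.VersionTLS13) {
			reasons = append(reasons, "TLS 1.3 client")
		}
		if allows(cfg, tls.VersionTLS12) && cfg.ClientSessionCache != nil {
			reasons = append(reasons, "TLS 1.2 client with session resumption")
		}
	case Server:
		if allows(cfg, tls.VersionTLS13) && cfg.ClientAuth >= tls.RequestClientCert {
			reasons = append(reasons, "TLS 1.3 server requesting client certificates")
		}
	}
	return reasons
}

func main() {
	// Constructed sample configurations.
	defaults := &tls.Config{} // zero value: TLS 1.3 allowed
	pinned12 := &tls.Config{MaxVersion: tls.VersionTLS12}
	mtls := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert}
	fmt.Println(ExposureReasons(defaults, Client))
	fmt.Println(ExposureReasons(pinned12, Client))
	fmt.Println(ExposureReasons(mtls, Server))
}
```

A match only matters for binaries built with a toolchain older than the fixed package version. Go links the standard library statically, so binaries built before the update must be rebuilt to pick up the fix.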
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73722
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41725
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control over internal resources in net/http and mime/multipart. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74572
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-24536
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the mime/multipart and net/textproto components when parsing multipart forms. A remote attacker can pass a specially crafted request to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81964
Risk: Medium
CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39323
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing line directives (e.g. "//line") in the code. A remote attacker can bypass restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build".
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88184
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-45288
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient limitations placed on the number of CONTINUATION frames that can be sent within a single HTTP/2 stream. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU87197
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-45290
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in net/http because the application does not properly control consumption of internal resources when parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87196
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in crypto/x509 due to improper validation of a certificate chain that contains an unknown public key. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87201
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24784
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of display names within the ParseAddressList function in net/mail. A remote attacker can pass specially crafted input to the application and perform a spoofing attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91159
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24789
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to insufficient validation of user-supplied input in archive/zip when handling zip archives. A remote attacker can create a zip file with content that will vary depending on the implementation reading the file.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93850
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24791
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of "Expect: 100-continue" HTTP requests. A remote attacker can send multiple such requests and consume all available resources.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97215
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34155
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because go/parser does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97216
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34156
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because encoding/gob does not properly control consumption of internal resources when calling Decoder.Decode. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Note, this vulnerability is related to #VU66068 (CVE-2024-34156).
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97217
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34158
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because go/build/constraint does not properly control consumption of internal resources when calling Parse on a "// +build" build tag line with deeply nested expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Update the affected package golang-1.17 to the latest version.
Vulnerable software versions
Ubuntu: 22.04
golang-1.17-src (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17-go (Ubuntu package): before 1.17.13-3ubuntu1.3
golang-1.17 (Ubuntu package): before 1.17.13-3ubuntu1.3
http://ubuntu.com/security/notices/USN-7111-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.