Go Vulnerabilities

An attacker can cause a program using certain versions of Go to crash by sending it a message with deeply nested data structures, which overwhelms the system's memory. This vulnerability requires the attacker to be able to send specially crafted messages to the affected application.

An attacker can crash a Go application by sending a specially crafted XML document that causes excessive nesting in the data structure being processed. This vulnerability affects versions of Go before 1.17.12 and 1.18.4, and it requires the application to use the 'any' field tag in its data structures.

An attacker can crash a Go application by sending it a specially crafted file path with many separators, which causes the program to run out of memory and stop working. This issue affects versions of Go before 1.17.12 and 1.18.4, so using an outdated version increases the risk.

This vulnerability allows an attacker to execute malicious binaries in the working directory if they are named with the extensions "..com" or "..exe" when certain commands are run without specifying a path. This can happen in specific versions of Go when using functions that start or run commands, making it crucial for users to ensure they set the command path properly to avoid exploitation.