pkg:Debian/golang-1.26

All known vulnerabilities

• CRITICAL9.8CVE-2026-27143Missing bound checks can lead to memory corruption in safe Go in cmd/compile
  from 0, < 1.26.2-1
• HIGH8.8CVE-2026-27140Code execution vulnerability in SWIG code generation in cmd/go
  from 0, < 1.26.2-1
• HIGH8.2Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
  from 0, < 1.26.2-1
• HIGH7.5Quadratic complexity in WordDecoder.DecodeHeader in mime
  from 0, < 1.26.4-1
• HIGH7.5Crash when handling long CNAME response in net
  from 0, < 1.26.3-1
• HIGH7.5Malicious module proxy can bypass checksum database in cmd/go
  from 0, < 1.26.3-1
• HIGH7.5Quadratic string concatenation in consumePhrase in net/mail
  from 0, < 1.26.3-1
• HIGH7.5Quadratic string concatentation in consumeComment in net/mail
  from 0, < 1.26.3-1
• HIGH7.5Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
  from 0, < 1.26.2-1
• HIGH7.5Unexpected work during chain building in crypto/x509
  from 0, < 1.26.2-1
• HIGH7.5Inefficient policy validation in crypto/x509
  from 0, < 1.26.2-1
• HIGH7.5Incorrect parsing of IPv6 host literals in net/url
  from 0, < 1.26.1-1
• HIGH7.5Incorrect enforcement of email constraints in crypto/x509
  from 0, < 1.26.1-1
• HIGH7.1Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
  from 0, < 1.26.2-1
• MEDIUM6.5Inefficient candidate hostname parsing in crypto/x509
  from 0, < 1.26.4-1
• MEDIUM6.4TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
  from 0, < 1.26.2-1
• MEDIUM6.1Bypass of meta content URL escaping causes XSS in html/template
  from 0, < 1.26.3-1
• MEDIUM6.1Escaper bypass leads to XSS in html/template
  from 0, < 1.26.3-1
• MEDIUM6.1JsBraceDepth Context Tracking Bugs (XSS) in html/template
  from 0, < 1.26.2-1
• MEDIUM6.1URLs in meta content attribute actions are not escaped in html/template
  from 0, < 1.26.1-1
• MEDIUM5.9Invoking "go tool pack" does not sanitize output paths in cmd/go
  from 0, < 1.26.3-1
• MEDIUM5.9Panic in name constraint checking for malformed certificates in crypto/x509
  from 0, < 1.26.1-1
• MEDIUM5.5Unbounded allocation for old GNU sparse in archive/tar
  from 0, < 1.26.2-1
• MEDIUM5.3Arbitrary inputs are included in errors without any escaping in net/textproto
  from 0, < 1.26.4-1
• MEDIUM5.3ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
  from 0, < 1.26.3-1
• MEDIUM5.3Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
  from 0, < 1.26.3-1
• LOW2.5FileInfo can escape from a Root in os
  from 0, < 1.26.1-1