testkube-migration-1.19.0_linux_arm64

digest: sha256:9cf8e2db8b42f15a291a28c27a2cf15bcbe8f3635adc92a163a67e4cb05f10d9
vulnerabilities: critical: 0, high: 2, medium: 7, low: 1
platform: linux/arm64
size: 32 MB
packages: 196

stdlib 1.25.1 (golang): critical: 0, high: 2, medium: 7, low: 1

pkg:golang/stdlib@1.25.1
high: CVE-2025-61725

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.030%
EPSS Percentile: 8th percentile
Description

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

high: CVE-2025-58188

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.024%
EPSS Percentile: 5th percentile
Description

Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method.

This affects programs which validate arbitrary certificate chains.

medium: CVE-2025-61723

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.029%
EPSS Percentile: 7th percentile
Description

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

medium: CVE-2025-58187

Affected range: >=1.25.0, <1.25.3
Fixed version: 1.25.3
EPSS Score: 0.008%
EPSS Percentile: 1st percentile
Description

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

medium: CVE-2025-61724

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.039%
EPSS Percentile: 11th percentile
Description

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

medium: CVE-2025-58189

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.029%
EPSS Percentile: 7th percentile
Description

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.

medium: CVE-2025-58186

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.039%
EPSS Percentile: 11th percentile
Description

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large number of structs, causing large memory consumption.

medium: CVE-2025-58185

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.019%
EPSS Percentile: 4th percentile
Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

medium: CVE-2025-47912

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.043%
EPSS Percentile: 13th percentile
Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

low: CVE-2025-58183

Affected range: >=1.25.0, <1.25.2
Fixed version: 1.25.2
EPSS Score: 0.006%
EPSS Percentile: 0th percentile
Description

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.