File: query_stdlib_json.ct

#####
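# Test of query mode with the standard library.
# go1.17 falls inside the first affected range of GO-2022-0969 (introduced 0,
# fixed 1.18.6), so the lookup is expected to emit that OSV entry.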
$ govulncheck -mode=query -json stdlib@go1.17
{
  "config": {
    "protocol_version": "v1.0.0",
    "scanner_name": "govulncheck",
    "scanner_version": "v0.0.0-00000000000-20000101010101",
    "db": "testdata/vulndb-v1",
    "db_last_modified": "2023-04-03T15:57:51Z",
    "scan_level": "symbol"
  }
}
{
  "progress": {
    "message": "Looking up vulnerabilities in stdlib at go1.17..."
  }
}
{
  "osv": {
    "schema_version": "1.3.1",
    "id": "GO-2022-0969",
    "modified": "2023-04-03T15:57:51Z",
    "published": "2022-09-12T20:23:06Z",
    "aliases": [
      "CVE-2022-27664",
      "GHSA-69cg-p879-7622"
    ],
    "details": "HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.",
    "affected": [
      {
        "package": {
          "name": "stdlib",
          "ecosystem": "Go"
        },
        "ranges": [
          {
            "type": "SEMVER",
            "events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "1.18.6"
              },
              {
                "introduced": "1.19.0"
              },
              {
                "fixed": "1.19.1"
              }
            ]
          }
        ],
        "ecosystem_specific": {
          "imports": [
            {
              "path": "net/http",
              "symbols": [
                "ListenAndServe",
                "ListenAndServeTLS",
                "Serve",
                "ServeTLS",
                "Server.ListenAndServe",
                "Server.ListenAndServeTLS",
                "Server.Serve",
                "Server.ServeTLS",
                "http2Server.ServeConn",
                "http2serverConn.goAway"
              ]
            }
          ]
        }
      },
      {
        "package": {
          "name": "golang.org/x/net",
          "ecosystem": "Go"
        },
        "ranges": [
          {
            "type": "SEMVER",
            "events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "0.0.0-20220906165146-f3363e06e74c"
              }
            ]
          }
        ],
        "ecosystem_specific": {
          "imports": [
            {
              "path": "golang.org/x/net/http2",
              "symbols": [
                "Server.ServeConn",
                "serverConn.goAway"
              ]
            }
          ]
        }
      }
    ],
    "references": [
      {
        "type": "WEB",
        "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
      },
      {
        "type": "REPORT",
        "url": "https://go.dev/issue/54658"
      },
      {
        "type": "FIX",
        "url": "https://go.dev/cl/428735"
      }
    ],
    "credits": [
      {
        "name": "Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu"
      }
    ],
    "database_specific": {
      "url": "https://pkg.go.dev/vuln/GO-2022-0969"
    }
  }
}