{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Go ist eine quelloffene Programmiersprache.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um erweiterte Privilegien zu erlangen, Cross-Site-Scripting-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu verursachen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1653 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1653.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1653 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1653" }, { "category" : "external", "summary" : "Vulnerabilities in golang.org/x/net vom 2026-05-21", "url" : "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8" }, { "category" : "external", "summary" : "Vulnerabilities in golang.org/x/image vom 2026-05-21", "url" : "https://groups.google.com/g/golang-announce/c/uhYX90BlBvI" }, { "category" : "external", "summary" : "Vulnerabilities in golang.org/x/crypto vom 2026-05-21", "url" : "https://groups.google.com/g/golang-announce/c/a082jnz-LvI" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:10842-1 vom 2026-05-24", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RA6PKGM4RN2T2DFSXXNZRPYQVODGU2NO/" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:10845-1 vom 2026-05-24", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MHOGVSQU7PY2NM3HOJ74FFNGCKPQAWFO/" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:10908-1 vom 2026-06-02", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VIBP73YHEJH5M2ITECIJTBYUZ4FOZFU/" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:20854-1 vom 2026-06-02", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J65AQ42VT55IOXXFWFYBKROOWSYNGFDE/" } ], "source_lang" : "en-US", "title" : "Golang Go-Module (Net, Image, Crypto: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-02T22:00:00.000+00:00", "generator" : { "date" : "2026-06-03T06:02:37.985+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-1653", "initial_release_date" : "2026-05-21T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-05-21T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-05-25T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von European Union Vulnerability Database und openSUSE aufgenommen" }, { "date" : "2026-05-31T22:00:00.000+00:00", "number" : "3", "summary" : "Referenz(en) aufgenommen: EUVD-2026-33419" }, { "date" : "2026-06-02T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von openSUSE aufgenommen" } ], "status" : "final", "version" : "4" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "net module <0.55.0", "product" : { "name" : "Golang Go net module <0.55.0", "product_id" : "T054525" } }, { "category" : "product_version", "name" : "net module 0.55.0", "product" : { "name" : "Golang Go net module 0.55.0", "product_id" : "T054525-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:golang:go:net_module__0.55.0" } } }, { "category" : "product_version_range", "name" : "crypto module <0.52.0", "product" : { "name" : "Golang Go crypto module <0.52.0", "product_id" : "T054527" } }, { "category" : "product_version", "name" : "crypto module 0.52.0", "product" : { "name" : "Golang Go crypto module 0.52.0", "product_id" : "T054527-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:golang:go:crypto_module__0.52.0" } } }, { "category" : "product_version_range", "name" : "image module <0.41.0", "product" : { "name" : "Golang Go image module <0.41.0", "product_id" : "T054528" } }, { "category" : "product_version", "name" : "image module 0.41.0", "product" : { "name" : "Golang Go image module 0.41.0", "product_id" : "T054528-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:golang:go:image_module__0.41.0" } } } ], "category" : "product_name", "name" : "Go" } ], "category" : "vendor", "name" : "Golang" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE openSUSE", "product" : { "name" : "SUSE openSUSE", "product_id" : "T054596", "product_identification_helper" : { "cpe" : "cpe:/o:suse:opensuse:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-25680", "product_status" : { "known_affected" : [ "T054596", "T054525" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-25680" }, { "cve" : "CVE-2026-25681", "product_status" : { "known_affected" : [ "T054596", "T054525" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-25681" }, { "cve" : "CVE-2026-27136", "product_status" : { "known_affected" : [ "T054596", "T054525" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-27136" }, { "cve" : "CVE-2026-39821", "product_status" : { "known_affected" : [ "T054596", "T054525" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39821" }, { "cve" : "CVE-2026-42502", "product_status" : { "known_affected" : [ "T054596", "T054525" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-42502" }, { "cve" : "CVE-2026-42506", "product_status" : { "known_affected" : [ "T054596", "T054525" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-42506" }, { "cve" : "CVE-2026-33809", "product_status" : { "known_affected" : [ "T054596", "T054528" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-33809" }, { "cve" : "CVE-2026-42500", "product_status" : { "known_affected" : [ "T054596", "T054528" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-42500" }, { "cve" : "CVE-2026-39827", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39827" }, { "cve" : "CVE-2026-39828", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39828" }, { "cve" : "CVE-2026-39829", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39829" }, { "cve" : "CVE-2026-39830", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39830" }, { "cve" : "CVE-2026-39831", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39831" }, { "cve" : "CVE-2026-39832", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39832" }, { "cve" : "CVE-2026-39833", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39833" }, { "cve" : "CVE-2026-39834", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39834" }, { "cve" : "CVE-2026-39835", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-39835" }, { "cve" : "CVE-2026-42508", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-42508" }, { "cve" : "CVE-2026-46595", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-46595" }, { "cve" : "CVE-2026-46597", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-46597" }, { "cve" : "CVE-2026-46598", "product_status" : { "known_affected" : [ "T054596", "T054527" ] }, "release_date" : "2026-05-21T22:00:00.000+00:00", "title" : "CVE-2026-46598" } ] }