We install the toolkit from the Percona website.
Software link: https://downloads.percona.com/downloads/percona-toolkit/3.5.1/binary/tarball/percona-toolkit-3.5.1_x86_64.tar.gz
After installing the software and scanning the image with Twistlock, we get the list of CVEs below.
Can we expect a newer tar.gz for Linux OS to be published, and when?
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | | DESCRIPTION |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-41715 | high | 7.50 | go | 1.18.3 | fixed in 1.19.2, 1.18.7 | > 4 months | < 1 hour | > 4 months ago | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp |
| CVE-2022-32190 | high | 7.50 | go | 1.18.3 | fixed in 1.18.6 | > 5 months | < 1 hour | > 5 months ago | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns |
| CVE-2022-32189 | high | 7.50 | go | 1.18.3 | fixed in 1.18.5, 1.17.13 | > 6 months | < 1 hour | > 6 months ago | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing |
| CVE-2022-30635 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack |
| CVE-2022-30633 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack |
| CVE-2022-30632 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a |
| CVE-2022-30631 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack |
| CVE-2022-30630 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which |
| CVE-2022-2880 | high | 7.50 | go | 1.18.3 | fixed in 1.19.2, 1.18.7 | > 4 months | < 1 hour | > 4 months ago | Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by |
| CVE-2022-2879 | high | 7.50 | go | 1.18.3 | fixed in 1.19.2, 1.18.7 | > 4 months | < 1 hour | > 4 months ago | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded |
| CVE-2022-28131 | high | 7.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack |
| CVE-2022-27664 | high | 7.50 | go | 1.18.3 | fixed in 1.19.1, 1.18.6 | > 5 months | < 1 hour | > 5 months ago | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during |
| CVE-2022-32148 | medium | 6.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with ... |
| CVE-2022-1705 | medium | 6.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request |
| CVE-2022-1962 | medium | 5.50 | go | 1.18.3 | fixed in 1.18.4, 1.17.12 | > 6 months | < 1 hour | > 6 months ago | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion |
| CVE-2022-41716 | medium | 5.40 | go | 1.18.3 | fixed in 1.19.3, 1.18.8 | > 3 months | < 1 hour | > 3 months ago | Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, |
| CVE-2022-41717 | medium | 5.30 | go | 1.18.3 | fixed in 1.19.4, 1.18.9 | 74 days | < 1 hour | 70 days ago | An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys |
| CVE-2022-41723 | low | 1.00 | golang.org/x/net | v0.4.0 | fixed in 0.7.0 | 4 days | < 1 hour | 4 days ago | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a |