| $ govulncheck -dir ${moddir}/manystacks -v . --> FAIL 3 |
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback. |
| |
| Scanning for dependencies with known vulnerabilities... |
| Found 1 known vulnerability. |
| |
| Vulnerability #1: GO-2020-0040 |
| Due to unchecked type assertions, maliciously crafted messages |
| can cause panics, which may be used as a denial of service |
| vector. |
| |
| Call stacks in your code: |
| #1: for function DHT.GetPeers |
| example.com/manystacks.main |
| .../main.go:27:2 |
| example.com/manystacks.main$2 |
| .../main.go:30:28 |
| example.com/manystacks/otherpkg.GetPeers |
| .../otherpkg.go:6:19 |
| github.com/shiyanhui/dht.DHT.GetPeers |
| #2: for function DHT.Run |
| example.com/manystacks.main |
| .../main.go:44:7 |
| github.com/shiyanhui/dht.DHT.Run |
| #3: for function New |
| example.com/manystacks.main |
| .../main.go:16:14 |
| github.com/shiyanhui/dht.New |
| |
| Found in: github.com/shiyanhui/dht@v0.0.0-20201219151056-5a20f3199263 |
| Fixed in: N/A |
| More info: https://pkg.go.dev/vuln/GO-2020-0040 |
| |
| === Informational === |
| |
| The vulnerabilities below are in packages that you import, but your code |
| doesn't appear to call any vulnerable functions. You may not need to take any |
| action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck |
| for details. |
| |
| Vulnerability #1: GO-2022-0969 |
| HTTP/2 server connections can hang forever waiting for a clean |
| shutdown that was preempted by a fatal error. This condition can |
| be exploited by a malicious client to cause a denial of service. |
| Found in: net/http@go1.18 |
| Fixed in: net/http@go1.19.1 |
| More info: https://pkg.go.dev/vuln/GO-2022-0969 |
