Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.23

Go 1.21 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.20-2.23

Last scanned on: May 20, 2025 02:04

Package Name	Severity	Status	Description	Reference links
libpcre2-8-0	MEDIUM	fixed	Security update for pcre2 Vulnerability ID: SUSE-SU-2023:3327-1 Installed Version: 10.39-150400.4.6.1 Fixed Version: 10.39-150400.4.9.1 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).	CVE-2022-41409 SU-20233327-1 SUSE Bug#1213514 SUSE Mailing List [sle-updates] 2023-August#031021 SUSE Security Rating
libprocps7	LOW	fixed	Security update for procps Vulnerability ID: SUSE-SU-2023:3472-1 Installed Version: 3.3.15-150000.7.28.1 Fixed Version: 3.3.15-150000.7.34.1 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).	CVE-2023-4016 SU-20233472-1 SUSE Bug#1214290 SUSE Mailing List [sle-updates] 2023-August#031239 SUSE Security Rating
libsmartcols1	HIGH	fixed	Security update for util-linux Vulnerability ID: SUSE-SU-2024:1169-1 Installed Version: 2.37.2-150400.8.14.1 Fixed Version: 2.37.2-150400.8.29.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)	CVE-2024-28085 SU-20241169-1 SUSE Bug#1207987 SUSE Bug#1220117 SUSE Bug#1221831 SUSE Mailing List [sle-updates] 2024-April#034905 SUSE Security Rating
libsqlite3-0	HIGH	fixed	Security update for sqlite3 Vulnerability ID: SUSE-SU-2023:4619-1 Installed Version: 3.39.3-150000.3.20.1 Fixed Version: 3.44.0-150000.3.23.1 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).	CVE-2023-2137 SU-20234619-1 SUSE Bug#1210660 SUSE Mailing List [sle-updates] 2023-November#032971 SUSE Security Rating
libssh-config	HIGH	fixed	Security update for libssh Vulnerability ID: SUSE-SU-2024:0140-1 Installed Version: 0.9.6-150400.1.5 Fixed Version: 0.9.8-150400.3.3.1 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code	CVE-2023-1667 CVE-2023-2283 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918 SU-20240140-1 SUSE Bug#1211188 SUSE Bug#1211190 SUSE Bug#1218126 SUSE Bug#1218186 SUSE Bug#1218209 SUSE Mailing List [sle-security-updates] 2024-January#017678 SUSE Security Rating