Affected by GO-2022-0457
and 16 other vulnerabilities
GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium
GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium
GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium
GO-2023-1730: Debug mode leaks confidential data in Cilium in github.com/cilium/cilium
GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium
GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
GO-2026-4856: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
GO-2026-5400: Cillium exposes sensitive information included in the cilium-bugtool debug archive in github.com/cilium/cilium
GO-2026-5905: Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access in github.com/cilium/cilium
GO-2026-5914: CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium
Package binary is a fork of the upstream golang library. The modifications
made from the upstream source code are only related with the binary.read
function.
Read reads structured binary data from r into data.
Data must be a pointer to a fixed-size value or a slice
of fixed-size values.
Bytes read from r are decoded using the specified byte order
and written to successive fields of the data.
When decoding boolean values, a zero byte is decoded as false, and
any other non-zero byte is decoded as true.
When reading into structs, the field data for fields with
blank (_) field names is skipped; i.e., blank field names
may be used for padding.
When reading into a struct, all non-blank fields must be exported
or Read may panic.
The error is EOF only if no bytes were read.
If an EOF happens after reading some but not all the bytes,
Read returns ErrUnexpectedEOF.
This Read function differs from the upstream encoding/binary.Read as it does
not requires the caller to setup a reader as well as this function does
not allocate any memory to read from the given slice of bytes.