Affected by GO-2022-0393
and 17 other vulnerabilities
GO-2022-0393: Network policy may be bypassed by some ICMP Echo Requests in github.com/cilium/cilium
GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium
GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium
GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium
GO-2023-1730: Debug mode leaks confidential data in Cilium in github.com/cilium/cilium
GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium
GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
GO-2026-4856: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
GO-2026-5400: Cillium exposes sensitive information included in the cilium-bugtool debug archive in github.com/cilium/cilium
GO-2026-5905: Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access in github.com/cilium/cilium
GO-2026-5914: CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium
NewRing creates a ring buffer. For efficiency, the internal
buffer length will be a bitmask of ones + 1. The most significant bit
position of this bitmask will be same position of the most significant bit
position of 'n'.
E.g.:
LastWrite returns the last element written.
Note: If Write(*v1.Event) is being executed concurrently with Read(uint64)
please use LastWriteParallel instead.
Write writes the given event into the ring buffer in the next available
writing block. The entry must not be nil, otherwise readFrom will block when
reading back this event.
Next reads the event at the current position and increment the read position.
Returns io.EOF if there are no more entries. May return ErrInvalidRead
if the writer overtook this RingReader.
NextFollow reads the event at the current position and increment the read
position by one. If there are no more event to read, NextFollow blocks
until the next event is added to the ring or the context is cancelled.