Skip to content

Update module golang.org/x/sys to v0.44.0 [SECURITY] (release/v2.14)#392

Merged
thatmidwesterncoder merged 1 commit into
release/v2.14from
renovate/release/v2.14-go-golang.org-x-sys-vulnerability
Jun 24, 2026
Merged

Update module golang.org/x/sys to v0.44.0 [SECURITY] (release/v2.14)#392
thatmidwesterncoder merged 1 commit into
release/v2.14from
renovate/release/v2.14-go-golang.org-x-sys-vulnerability

Conversation

@renovate-rancher

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/sys v0.38.0v0.44.0 age confidence

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@thatmidwesterncoder thatmidwesterncoder merged commit 356c6ca into release/v2.14 Jun 24, 2026
2 checks passed
@thatmidwesterncoder thatmidwesterncoder deleted the renovate/release/v2.14-go-golang.org-x-sys-vulnerability branch June 24, 2026 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant