Skip to content

Use of vulnerable golang version in docker image #960

Description

@GlatBane

Our security tool flags your mssql docker image as having a vulnerable version of stdlib from Go version 1.23.1

I have tried both the 2022 and 2025 versions and observed the same picture on both.

The version of Go 1.23.x is also end of life according to https://go.dev/doc/devel/release where 1.26 and 1.25 is the supported versions.

Please update the shipped binaries to use a newer version of go

Identified path:
/opt/mssql/bin/launchpadd
/opt/mssql-extensibility/bin/launchpad
/opt/mssql/bin/setnetbr

Identified CVEs:
Critical
https://www.cve.org/CVERecord?id=CVE-2025-22871
High
https://www.cve.org/CVERecord?id=CVE-2026-27140
https://www.cve.org/CVERecord?id=CVE-2025-4674
https://www.cve.org/CVERecord?id=CVE-2025-61732
https://www.cve.org/CVERecord?id=CVE-2025-61731
https://www.cve.org/CVERecord?id=CVE-2026-32281
https://www.cve.org/CVERecord?id=CVE-2026-32283
https://www.cve.org/CVERecord?id=CVE-2026-32280
https://www.cve.org/CVERecord?id=CVE-2025-58188
https://www.cve.org/CVERecord?id=CVE-2025-58187
https://www.cve.org/CVERecord?id=CVE-2025-61729
https://www.cve.org/CVERecord?id=CVE-2025-61723
https://www.cve.org/CVERecord?id=CVE-2025-61725
https://www.cve.org/CVERecord?id=CVE-2026-25679
https://www.cve.org/CVERecord?id=CVE-2025-61726
https://www.cve.org/CVERecord?id=CVE-2025-68121
https://www.cve.org/CVERecord?id=CVE-2025-47907
Medium
https://www.cve.org/CVERecord?id=CVE-2025-4673
https://www.cve.org/CVERecord?id=CVE-2025-61727
https://www.cve.org/CVERecord?id=CVE-2025-61728
https://www.cve.org/CVERecord?id=CVE-2025-47906
https://www.cve.org/CVERecord?id=CVE-2026-32282
https://www.cve.org/CVERecord?id=CVE-2026-32289
https://www.cve.org/CVERecord?id=CVE-2026-27142
https://www.cve.org/CVERecord?id=CVE-2024-45341
https://www.cve.org/CVERecord?id=CVE-2024-45336
https://www.cve.org/CVERecord?id=CVE-2026-32288
https://www.cve.org/CVERecord?id=CVE-2025-61730
https://www.cve.org/CVERecord?id=CVE-2025-58189
https://www.cve.org/CVERecord?id=CVE-2025-61724
https://www.cve.org/CVERecord?id=CVE-2025-47912
https://www.cve.org/CVERecord?id=CVE-2025-58185
https://www.cve.org/CVERecord?id=CVE-2025-58186
https://www.cve.org/CVERecord?id=CVE-2025-58183
https://www.cve.org/CVERecord?id=CVE-2025-22866
Low
https://www.cve.org/CVERecord?id=CVE-2025-22873
https://www.cve.org/CVERecord?id=CVE-2026-27139

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions