Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-31525

Опубликовано: 27 мая 2021
Источник: debian

Описание

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.16fixed1.16.4-1package
golang-1.15fixed1.15.9-2package
golang-1.11removedpackage
golang-1.11postponedbusterpackage
golang-1.8removedpackage
golang-1.8postponedstretchpackage
golang-1.7removedpackage
golang-1.7postponedstretchpackage
golang-golang-x-netfixed1:0.0+git20210119.5f4716e+dfsg-3package
golang-golang-x-net-devremovedpackage
golang-golang-x-net-devpostponedbusterpackage
golang-golang-x-net-devno-dsastretchpackage

Примечания

  • https://github.com/golang/go/issues/45710

  • https://github.com/golang/go/issues/45711 (1.15 backport)

  • https://github.com/golang/go/issues/45712 (1.16 backport)

  • https://go-review.googlesource.com/c/net/+/313069

  • golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1)

  • golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b

Связанные уязвимости

ubuntu логотип

CVE-2021-31525

CVSS3: 5.9
ubuntu
около 4 лет назад

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

redhat логотип

CVE-2021-31525

CVSS3: 5.9
redhat
около 4 лет назад

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

nvd логотип

CVE-2021-31525

CVSS3: 5.9
nvd
около 4 лет назад

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

msrc логотип

CVE-2021-31525

CVSS3: 5.9
msrc
около 4 лет назад

Описание отсутствует

suse-cvrf логотип

openSUSE-SU-2021:0904-1

suse-cvrf
почти 4 года назад

Security update for go1.15