CVE-2021-36221

Опубликовано: 08 авг. 2021

Источник: debian

Описание

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.16	fixed	1.16.7-1		package
golang-1.15	fixed	1.15.15-1		package
golang-1.15	fixed	1.15.15-1~deb11u1	bullseye	package
golang-1.11	removed			package
golang-1.8	removed			package
golang-1.7	removed			package

Примечания

https://github.com/golang/go/issues/46866
https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master)
https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16)
https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15)

Связанные уязвимости

CVE-2021-36221

CVSS3: 5.9

ubuntu

почти 4 года назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-36221

CVSS3: 5.9

redhat

почти 4 года назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-36221

CVSS3: 5.9

nvd

почти 4 года назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-36221

CVSS3: 5.9

msrc

почти 4 года назад

Описание отсутствует

openSUSE-SU-2021:2788-1

suse-cvrf

почти 4 года назад

Security update for go1.16