CVE-2021-39293

Published: 24 Jan 2022
Source: debian
EPSS: Low

Description

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

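Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.17 | fixed | 1.17.1-1 | | package |
| golang-1.16 | fixed | 1.16.8-1 | | package |
| golang-1.15 | fixed | 1.15.15-2 | | package |
| golang-1.15 | fixed | 1.15.15-1~deb11u1 | bullseye | package |
| golang-1.11 | removed | | | package |
| golang-1.8 | removed | | | package |
| golang-1.7 | removed | | | package |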

Notes

  • https://github.com/golang/go/issues/47801

  • https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1)

  • https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8)

EPSS

Percentile: 2%
0.00016
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

CVSS3: 7.5
redhat
almost 4 years ago

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

CVSS3: 7.5
nvd
more than 3 years ago

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

suse-cvrf
more than 3 years ago

Security update for go1.16

suse-cvrf
more than 3 years ago

Security update for go1.16
