CVE-2021-36221

Опубликовано: 08 авг. 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
Patch
Third Party Advisory
https://groups.google.com/forum/#%21forum/golang-announce
https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0
Mailing List
Third Party Advisory
https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4AMYYHGBYMIWCCR5RCDFI5RAUJOPO5L/
https://security.gentoo.org/glsa/202208-02
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
Patch
Third Party Advisory
https://groups.google.com/forum/#%21forum/golang-announce
https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0
Mailing List
Third Party Advisory
https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.15.15 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.16.0 (включая) до 1.16.7 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*

Версия до 21.1.1.1.0 (исключая)

Конфигурация 5

Одновременно

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

Версия до 2.0 (исключая)

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00198

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2021-36221

CVSS3: 5.9

ubuntu

больше 4 лет назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-36221

CVSS3: 5.9

redhat

больше 4 лет назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-36221

CVSS3: 5.9

msrc

больше 4 лет назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-36221

CVSS3: 5.9

debian

больше 4 лет назад

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...

openSUSE-SU-2021:2788-1

suse-cvrf

больше 4 лет назад

Security update for go1.16

EPSS

Процентиль: 42%

0.00198

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362