Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-41771

Опубликовано: 14 окт. 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols. An attacker can use this vulnerability to craft a file which causes an application using this library to crash resulting in a denial of service.

Отчет

For Red Hat Service Telemetry Framework, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the sg-core-container.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift ServerlessCLIAffected
OpenShift Serverlessknative-eventingAffected
Red Hat Ceph Storage 2golangOut of support scope
Red Hat Ceph Storage 2grafanaOut of support scope
Red Hat Ceph Storage 3golangOut of support scope
Red Hat Ceph Storage 3golang-github-prometheus-node_exporterOut of support scope
Red Hat Ceph Storage 3grafanaOut of support scope
Red Hat Ceph Storage 3grafana-containerOut of support scope
Red Hat Ceph Storage 4rhceph/rhceph-4-dashboard-rhel8Not affected
Red Hat Ceph Storage 5rhceph/rhceph-5-dashboard-rhel8Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2020725golang: debug/macho: invalid dynamic symbol table command can cause panic

EPSS

Процентиль: 58%
0.00362
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-41771

CVSS3: 7.5
ubuntu
больше 3 лет назад

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

nvd логотип

CVE-2021-41771

CVSS3: 7.5
nvd
больше 3 лет назад

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

msrc логотип

CVE-2021-41771

CVSS3: 7.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-41771

CVSS3: 7.5
debian
больше 3 лет назад

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...

github логотип

GHSA-g56w-5r6h-483w

CVSS3: 7.5
github
около 3 лет назад

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

EPSS

Процентиль: 58%
0.00362
Низкий

7.5 High

CVSS3