Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:3585

Опубликовано: 21 сент. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
delvex86_642.module+el8.4.0+396+d2d16ae3delve-1.5.0-2.module+el8.4.0+396+d2d16ae3.x86_64.rpm
golangx86_642.module+el8.4.0+646+fc1a61b2golang-1.15.14-2.module+el8.4.0+646+fc1a61b2.x86_64.rpm
golang-binx86_642.module+el8.4.0+646+fc1a61b2golang-bin-1.15.14-2.module+el8.4.0+646+fc1a61b2.x86_64.rpm
golang-docsnoarch2.module+el8.4.0+646+fc1a61b2golang-docs-1.15.14-2.module+el8.4.0+646+fc1a61b2.noarch.rpm
golang-docsnoarch2.module+el8.4.0+646+fc1a61b2golang-docs-1.15.14-2.module+el8.4.0+646+fc1a61b2.noarch.rpm
golang-miscnoarch2.module+el8.4.0+646+fc1a61b2golang-misc-1.15.14-2.module+el8.4.0+646+fc1a61b2.noarch.rpm
golang-miscnoarch2.module+el8.4.0+646+fc1a61b2golang-misc-1.15.14-2.module+el8.4.0+646+fc1a61b2.noarch.rpm
golang-racex86_642.module+el8.4.0+646+fc1a61b2golang-race-1.15.14-2.module+el8.4.0+646+fc1a61b2.x86_64.rpm
golang-srcnoarch2.module+el8.4.0+646+fc1a61b2golang-src-1.15.14-2.module+el8.4.0+646+fc1a61b2.noarch.rpm
golang-srcnoarch2.module+el8.4.0+646+fc1a61b2golang-src-1.15.14-2.module+el8.4.0+646+fc1a61b2.noarch.rpm

Показывать по

Связанные CVE

CVE-2021-29923

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-29923

CVSS3: 7.5
ubuntu
больше 4 лет назад

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

redhat логотип

CVE-2021-29923

CVSS3: 7.3
redhat
больше 4 лет назад

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

nvd логотип

CVE-2021-29923

CVSS3: 7.5
nvd
больше 4 лет назад

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

msrc логотип

CVE-2021-29923

CVSS3: 7.5
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-29923

CVSS3: 7.5
debian
больше 4 лет назад

Go before 1.17 does not properly consider extraneous zero characters a ...