DATABASE RESOURCES PRICING ABOUT US

{"id": "ALPINE:CVE-2021-27919", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2021-27919", "description": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.", "published": "2021-03-11T00:15:00", "modified": "2022-12-13T16:31:00", "epss": [{"cve": "CVE-2021-27919", "epss": 0.0006, "percentile": 0.2325, "modified": "2023-05-27"}], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://security.alpinelinux.org/vuln/CVE-2021-27919", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2021-27919"], "immutableFields": [], "lastseen": "2023-06-23T11:05:43", "viewCount": 12, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "altlinux", "idList": ["225BAEAF6219040C50411B22A30E3A60", "427211E048071EEF6D757312BBC9B9A0"]}, {"type": "amazon", "idList": ["ALAS2-2022-1830"]}, {"type": "cve", "idList": ["CVE-2021-27919"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-27919"]}, {"type": "fedora", "idList": ["FEDORA:4F8A43091B25", "FEDORA:B432630B2C73"]}, {"type": "freebsd", "idList": ["72709326-81F7-11EB-950A-00155D646401"]}, {"type": "gentoo", "idList": ["GLSA-202208-02"]}, {"type": "ibm", "idList": ["2CBBC01EA20F67490CBAC1FBC54F752062CF74FF574C30707039FE42DBFD1C37", "4E2C91D443B2D002C9237F719179663FBF30DE221B227E2997586AC4E37E0210", "B14711FCCE28FBD42E1415D4FA69A18716B176D49881F931260BA9778C11599E", "D910928648A66660B4EF26E5685D05C7C8D269DFFB0ACC4D4B2EDAFF261E4D46", "E58CF8213E8AE04F23F33FD4E7F9009B5B82E8BEDEB6D0BBD6AB0B6C878B314B"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1830.NASL", "FREEBSD_PKG_7270932681F711EB950A00155D646401.NASL", "GENTOO_GLSA-202208-02.NASL", "SUSE_SU-2021-0937-1.NASL"]}, {"type": "osv", "idList": ["OSV:GO-2021-0067"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-27919"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-27919"]}, {"type": "veracode", "idList": ["VERACODE:29662"]}]}, "vulnersScore": 6.8}, "_state": {"score": 1687518989, "dependencies": 1687518779}, "_internal": {"score_hash": "77bd33cdcc94f7b2a4dfd0468fe0ea12"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.16.2-r0", "operator": "lt", "packageName": "go"}, {"OS": "Alpine", "OSVersion": "3.13-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.15.10-r0", "operator": "lt", "packageName": "go"}, {"OS": "Alpine", "OSVersion": "3.14-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.16.2-r0", "operator": "lt", "packageName": "go"}, {"OS": "Alpine", "OSVersion": "3.15-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.16.2-r0", "operator": "lt", "packageName": "go"}, {"OS": "Alpine", "OSVersion": "3.16-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.16.2-r0", "operator": "lt", "packageName": "go"}, {"OS": "Alpine", "OSVersion": "3.17-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.16.2-r0", "operator": "lt", "packageName": "go"}, {"OS": "Alpine", "OSVersion": "3.18-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "1.16.2-r0", "operator": "lt", "packageName": "go"}]}

{"osv": [{"lastseen": "2023-05-11T15:45:48", "description": "Using Reader.Open on an archive containing a file with a path prefixed by \"../\" will cause a panic due to a stack overflow. If parsing user supplied archives, this may be used as a denial of service vector.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-14T20:04:52", "type": "osv", "title": "GO-2021-0067", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2023-05-11T15:31:00", "id": "OSV:GO-2021-0067", "href": "https://osv.dev/vulnerability/GO-2021-0067", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-05-27T17:57:59", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n \n\n\nAPI Connect| V10.0.0.0 - V10.0.1.2 \n---|--- \nAPI Connect \n| V10.0.1-10.0.2 \n \nAPI Connect| V2018.4.1.0-2018.4.1.16 \n \n\n\n## Remediation/Fixes\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.16\n\n| 2018.4.1.17| LI82279 | \n\nAddressed in IBM API Connect V2018.4.1.17.\n\nFollow this link and find the appropriate package. \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.16&platform=All&function=all&source=fc>) \n \nIBM API Connect \n\nV10.0.0.0-V10.0.1.1\n\n| 10.0.1.2| \n\nLI82279\n\n| \n\nAddressed in IBM API Connect V10.0.1.4.\n\nFollow this link and find the appropriate package. \n\n \n\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.1.2&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \nIBM API Connect \n\nV10.0.1-10.0.2\n\n| 10.0.3 \n| \n\nLI82279\n\n| \n\nAddressed in IBM API Connect 10.0.3.\n\nFollow this link and find the appropriate package. \n\n \n\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.2.0&platform=All&function=all> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-08-16T23:03:41", "type": "ibm", "title": "Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-27919)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2021-08-16T23:03:41", "id": "E58CF8213E8AE04F23F33FD4E7F9009B5B82E8BEDEB6D0BBD6AB0B6C878B314B", "href": "https://www.ibm.com/support/pages/node/6481891", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:57:43", "description": "## Summary\n\nIBM Cloud Private is vulnerable to a Go vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2012-build600194-41235&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2012\" )\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2012-build600195-41237&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2012\" )\n\n \n\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-03T13:39:16", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-09-03T13:39:16", "id": "4E2C91D443B2D002C9237F719179663FBF30DE221B227E2997586AC4E37E0210", "href": "https://www.ibm.com/support/pages/node/6486345", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:59:12", "description": "## Summary\n\nOperations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919) with details of each below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nOperations Dashboard| \n\n2020.4.1-0-eus \n2020.4.1-1-eus \n2021.1.1 \n \n \n\n\n## Remediation/Fixes\n\n**Operations Dashboard version 2020.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2020.4.1-2-eus using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=components-upgrading-operations-dashboard> \n \n**Operations Dashboard version 2021.1.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2021.2.1 using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.2?topic=runtimes-upgrading-transaction-tracing-troubleshooting> \n\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-24T13:10:56", "type": "ibm", "title": "Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-06-24T13:10:56", "id": "D910928648A66660B4EF26E5685D05C7C8D269DFFB0ACC4D4B2EDAFF261E4D46", "href": "https://www.ibm.com/support/pages/node/6466637", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:51:05", "description": "## Summary\n\nIBM has released the following fix for IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-38561](<https://vulners.com/cve/CVE-2021-38561>) \n** DESCRIPTION: **Golang Go Text is vulnerable to a denial of service, caused by an improper index calculation that allows an incorrectly formatted language tag to panic Parse. A remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-33196](<https://vulners.com/cve/CVE-2021-33196>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim to open a specially-crafted archive file, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206602](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206602>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41772](<https://vulners.com/cve/CVE-2021-41772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the Reader.Open function. By using a specially-crafted ZIP archive containing an invalid name or an empty filename field, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213019](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213019>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15366](<https://vulners.com/cve/CVE-2020-15366>) \n** DESCRIPTION: **Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the ajv.validate function. By sending a specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185626](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185626>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM\u00ae Db2\u00ae On Openshift fix pack releases and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data refresh levels are affected:\n\nRelease| Version \n---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.5.0 - v11.5.5.0-cn4 \nv11.5.5.1 - v11.5.5.1-cn3 \nv11.5.6.0 - v11.5.6.0-cn5 \nv11.5.7.0 - v11.5.7.0-cn2 \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 through refresh 10 \nv4.0 through refresh 6 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2 On Openshift or the IBM Db2 and Db2 Warehouse on Cloud Pak for Data refresh release containing the fix for this issue. These builds are available based on the most recent fixpack level of the V11.5.7 release and the Cloud Pak for Data v3.5 refresh 10, 4.0 refresh 6 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. \n\nPlease note: If the affected release is any refresh level of Cloud Pak for Data 3.5, it is strongly recommended to upgrade to Cloud Pak for Data 4.0, then apply the latest refresh release \n\n\nProduct| Fixed in Fix Pack| Instructions \n---|---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.7.0-cn3\n\n| \n\n<https://www.ibm.com/docs/en/db2/11.5?topic=1157-upgrading-updating> \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv4.0 refresh 7\n\n| \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-11T19:51:55", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities affect IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15366", "CVE-2020-8559", "CVE-2021-27919", "CVE-2021-33196", "CVE-2021-38561", "CVE-2021-41772"], "modified": "2022-04-11T19:51:55", "id": "B14711FCCE28FBD42E1415D4FA69A18716B176D49881F931260BA9778C11599E", "href": "https://www.ibm.com/support/pages/node/6570965", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T14:25:10", "description": "## Summary\n\nIBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift may be affected by vulnerabilities in Redis, MinIO, Golang, and Urllib3 such as bypass of security restrictions, denial of service, and man-in-the-middle attacks.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-21362](<https://vulners.com/cve/CVE-2021-21362>) \n** DESCRIPTION: **MinIO could allow a remote attacker to bypass security restrictions. By creating a temporary &amp;#39;mc share upload&amp;#39; URL, an attacker could exploit this vulnerability to bypass a readOnly policy. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197902](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197902>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-33503](<https://vulners.com/cve/CVE-2021-33503>) \n** DESCRIPTION: **urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203109](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203109>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14147](<https://vulners.com/cve/CVE-2020-14147>) \n** DESCRIPTION: **Redis is vulnerable to a denial of service, caused by an integer overflow in the getnum function in lua_struct.c in Redis. By sending a specially crafted command with a large number, a remote attacker could exploit this vulnerability to cause a stack-based buffer overflow, leading a denial of service.. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-28363](<https://vulners.com/cve/CVE-2021-28363>) \n** DESCRIPTION: **urllib3 for python is vulnerable to a man-in-the-middle attack, caused by improper certificate validation in some cases involving HTTPS to HTTPS proxies. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198199>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus Container Backup and Restore for Kubernetes \n| 10.1.5-10.1.8 \nIBM Spectrum Protect Plus Container Backup and Restore for OpenShift \n| 10.1.7-10.1.8 \n \n \n## Remediation/Fixes\n\n**BM Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.8.1 \n| Linux| <https://www.ibm.com/support/pages/node/6415111> \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-06-28T20:36:08", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Redis, MinIO, Golang, and Urllib3 affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14147", "CVE-2021-21362", "CVE-2021-27919", "CVE-2021-28363", "CVE-2021-31525", "CVE-2021-33503"], "modified": "2021-06-28T20:36:08", "id": "2CBBC01EA20F67490CBAC1FBC54F752062CF74FF574C30707039FE42DBFD1C37", "href": "https://www.ibm.com/support/pages/node/6466435", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-26T16:46:02", "description": "archive/zip in github.com/golang/go is vulnerable to denial of service (DoS). The use of Reader.Open API on a Zip file that contains a file prefixed with \"../\", such as `Open(...)` causes a panic in the function `toValidName` when attempting to strip the prefixed path components.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T03:11:01", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2022-03-30T16:42:20", "id": "VERACODE:29662", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29662/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-05-27T15:13:21", "description": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T00:15:00", "type": "debiancve", "title": "CVE-2021-27919", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2021-03-11T00:15:00", "id": "DEBIANCVE:CVE-2021-27919", "href": "https://security-tracker.debian.org/tracker/CVE-2021-27919", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-16T02:54:04", "description": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T00:15:00", "type": "prion", "title": "CVE-2021-27919", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2022-12-13T16:31:00", "id": "PRION:CVE-2021-27919", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-27919", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-07-28T00:49:27", "description": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial\nof service (panic) upon attempted use of the Reader.Open API for a ZIP\narchive in which ../ occurs at the beginning of any filename.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "ubuntucve", "title": "CVE-2021-27919", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2021-03-11T00:00:00", "id": "UB:CVE-2021-27919", "href": "https://ubuntu.com/security/CVE-2021-27919", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-09-05T16:53:00", "description": "An out of bounds read vulnerability was found in golang. When using the archive/zip standard library (stdlib) and an unexpected file is parsed, it can cause golang to attempt to read outside of a slice (array) causing a panic in the runtime. A potential attacker can use this vulnerability to craft an archive which causes an application using this library to crash resulting in a Denial of Service (DoS).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T18:04:05", "type": "redhatcve", "title": "CVE-2021-27919", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2023-09-02T00:19:39", "id": "RH:CVE-2021-27919", "href": "https://access.redhat.com/security/cve/cve-2021-27919", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-05-27T14:34:35", "description": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T00:15:00", "type": "cve", "title": "CVE-2021-27919", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919"], "modified": "2022-12-13T16:31:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-27919", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27919", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "altlinux": [{"lastseen": "2023-05-08T23:16:16", "description": "March 11, 2021 Alexey Shabalin 1.16.1-alt1\n \n \n - New version (1.16.1).\n - Fixes:\n + CVE-2021-27918\n + CVE-2021-27919\n - Remove test for other platform scripts.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package golang version 1.16.1-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-03-11T00:00:00", "id": "225BAEAF6219040C50411B22A30E3A60", "href": "https://packages.altlinux.org/en/p10/srpms/golang/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-31T19:17:36", "description": "March 11, 2021 Alexey Shabalin 1.15.9-alt1\n \n \n - New version (1.15.9).\n - Fixes:\n + CVE-2021-27918\n + CVE-2021-27919\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package golang version 1.15.9-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-03-11T00:00:00", "id": "427211E048071EEF6D757312BBC9B9A0", "href": "https://packages.altlinux.org/en/p9/srpms/golang/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2023-05-27T14:56:04", "description": "\n\nThe Go project reports:\n\nThe Decode, DecodeElement, and Skip methods of an xml.Decoder\n\t provided by xml.NewTokenDecoder may enter an infinite loop when\n\t operating on a custom xml.TokenReader which returns an EOF in the\n\t middle of an open XML element.\n\n\nThe Reader.Open API, new in Go 1.16, will panic when used on a ZIP\n\t archive containing files that start with \"../\".\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-05T00:00:00", "type": "freebsd", "title": "go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-03-05T00:00:00", "id": "72709326-81F7-11EB-950A-00155D646401", "href": "https://vuxml.freebsd.org/freebsd/72709326-81f7-11eb-950a-00155d646401.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:26:56", "description": "This update for go1.16 fixes the following issues :\n\ngo1.16.2 (released 2021-03-11) (bsc#1182345)\n\ngo1.16.1 (released 2021-03-10) (bsc#1182345)\n\n - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).\n\n - CVE-2021-27919: Fixed an issue where archive/zip: can panic when calling Reader.Open (bsc#1183334).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:0937-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-08-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:go1.16", "p-cpe:/a:novell:suse_linux:go1.16-doc", "p-cpe:/a:novell:suse_linux:go1.16-race", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0937-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0937-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148139);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/19\");\n\n script_cve_id(\"CVE-2021-27918\", \"CVE-2021-27919\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:0937-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for go1.16 fixes the following issues :\n\ngo1.16.2 (released 2021-03-11) (bsc#1182345)\n\ngo1.16.1 (released 2021-03-10) (bsc#1182345)\n\n - CVE-2021-27918: Fixed an infinite loop when using\n xml.NewTokenDecoder with a custom TokenReader\n (bsc#1183333).\n\n - CVE-2021-27919: Fixed an issue where archive/zip: can\n panic when calling Reader.Open (bsc#1183334).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27918/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27919/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210937-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6ac428f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-937=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.16-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.16-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"go1.16-race-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"go1.16-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"go1.16-doc-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"go1.16-race-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"go1.16-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"go1.16-doc-1.16.2-1.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.16\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:50", "description": "The Go project reports :\n\nThe Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.\n\nThe Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with '../'.", "cvss3": {}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-08-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:go", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7270932681F711EB950A00155D646401.NASL", "href": "https://www.tenable.com/plugins/nessus/147697", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147697);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/23\");\n\n script_cve_id(\"CVE-2021-27918\", \"CVE-2021-27919\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Go project reports :\n\nThe Decode, DecodeElement, and Skip methods of an xml.Decoder provided\nby xml.NewTokenDecoder may enter an infinite loop when operating on a\ncustom xml.TokenReader which returns an EOF in the middle of an open\nXML element.\n\nThe Reader.Open API, new in Go 1.16, will panic when used on a ZIP\narchive containing files that start with '../'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://golang.org/issue/44913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://golang.org/issue/44916\"\n );\n # https://vuxml.freebsd.org/freebsd/72709326-81f7-11eb-950a-00155d646401.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d92fa84e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27918\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"go<1.16.1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T12:48:47", "description": "The version of golang installed on the remote host is prior to 1.18.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1830 advisory.\n\n - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. (CVE-2020-29652)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. (CVE-2021-27919)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. (CVE-2021-33195)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. (CVE-2021-39293)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. (CVE-2022-28327)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : golang (ALAS-2022-1830)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29652", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-39293", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28327"], "modified": "2022-08-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:golang", "p-cpe:/a:amazon:linux:golang-bin", "p-cpe:/a:amazon:linux:golang-docs", "p-cpe:/a:amazon:linux:golang-misc", "p-cpe:/a:amazon:linux:golang-race", "p-cpe:/a:amazon:linux:golang-shared", "p-cpe:/a:amazon:linux:golang-src", "p-cpe:/a:amazon:linux:golang-tests", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1830.NASL", "href": "https://www.tenable.com/plugins/nessus/163918", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1830.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163918);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/16\");\n\n script_cve_id(\n \"CVE-2020-29652\",\n \"CVE-2021-27918\",\n \"CVE-2021-27919\",\n \"CVE-2021-33195\",\n \"CVE-2021-33197\",\n \"CVE-2021-33198\",\n \"CVE-2021-36221\",\n \"CVE-2021-38297\",\n \"CVE-2021-39293\",\n \"CVE-2022-23772\",\n \"CVE-2022-23773\",\n \"CVE-2022-23806\",\n \"CVE-2022-24675\",\n \"CVE-2022-24921\",\n \"CVE-2022-28327\"\n );\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n script_xref(name:\"IAVB\", value:\"2022-B-0008-S\");\n script_xref(name:\"IAVB\", value:\"2022-B-0011-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0069-S\");\n\n script_name(english:\"Amazon Linux 2 : golang (ALAS-2022-1830)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of golang installed on the remote host is prior to 1.18.3-1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1830 advisory.\n\n - A nil pointer dereference in the golang.org/x/crypto/ssh component through\n v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH\n servers. (CVE-2020-29652)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon\n attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any\n filename. (CVE-2021-27919)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from\n DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to\n the RFC1035 format. (CVE-2021-33195)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from\n net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the\n math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil\n ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function\n invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating\n that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of\n an incomplete fix for CVE-2021-33196. (CVE-2021-39293)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to\n Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to\n be version tags. This can lead to incorrect access control if an actor is supposed to be able to create\n branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return\n true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount\n of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested\n expression. (CVE-2022-24921)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic\n via long scalar input. (CVE-2022-28327)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1830.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-29652.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27919.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33195.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33198.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-36221.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38297.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-39293.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23773.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23806.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24675.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24921.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28327.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update golang' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-shared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'golang-1.18.3-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.18.3-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-shared-1.18.3-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-shared-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T12:48:09", "description": "The remote host is affected by the vulnerability described in GLSA-202208-02 (Go: Multiple Vulnerabilities)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. (CVE-2020-28366)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. (CVE-2020-28367)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. (CVE-2021-27919)\n\n - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)\n\n - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.\n (CVE-2021-3114)\n\n - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). (CVE-2021-3115)\n\n - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. (CVE-2021-31525)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. (CVE-2021-33195)\n\n - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. (CVE-2021-34558)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.\n (CVE-2021-41771)\n\n - Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. (CVE-2021-41772)\n\n - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)\n\n - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file- descriptor exhaustion. (CVE-2021-44717)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921)\n\n - Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. (CVE-2022-27536)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. (CVE-2022-28327)\n\n - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.\n (CVE-2022-29526)\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - Automatic update for grafana-8.5.6-1.fc37. ##### **Changelog** ``` * Wed Jun 29 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 8.5.6-1 - update to 8.5.6 tagged upstream community sources, see CHANGELOG - updated license to AGPLv3 - place commented sample config file in /etc/grafana/grafana.ini - enable Go modules in build process - adapt Node.js bundling to yarn v3 and Zero Install feature * Sun Jun 19 2022 Robert-Andr Mauchin <zebob.m@gmail.com> - 7.5.15-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 ``` (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding big.Float and big.Rat types can panic if the encoded message is too short.\n (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-04T00:00:00", "type": "nessus", "title": "GLSA-202208-02 : Go: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28366", "CVE-2020-28367", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-3115", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-1705", "CVE-2022-1996", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-27191", "CVE-2022-27536", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-29526", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:go", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-02.NASL", "href": "https://www.tenable.com/plugins/nessus/163840", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-02.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163840);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\n \"CVE-2020-28366\",\n \"CVE-2020-28367\",\n \"CVE-2021-3114\",\n \"CVE-2021-3115\",\n \"CVE-2021-27918\",\n \"CVE-2021-27919\",\n \"CVE-2021-29923\",\n \"CVE-2021-31525\",\n \"CVE-2021-33195\",\n \"CVE-2021-33196\",\n \"CVE-2021-33197\",\n \"CVE-2021-33198\",\n \"CVE-2021-34558\",\n \"CVE-2021-36221\",\n \"CVE-2021-38297\",\n \"CVE-2021-41771\",\n \"CVE-2021-41772\",\n \"CVE-2021-44716\",\n \"CVE-2021-44717\",\n \"CVE-2022-1705\",\n \"CVE-2022-23772\",\n \"CVE-2022-23773\",\n \"CVE-2022-23806\",\n \"CVE-2022-24675\",\n \"CVE-2022-24921\",\n \"CVE-2022-27536\",\n \"CVE-2022-28131\",\n \"CVE-2022-28327\",\n \"CVE-2022-29526\",\n \"CVE-2022-30629\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\",\n \"CVE-2022-32189\"\n );\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"GLSA-202208-02 : Go: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-02 (Go: Multiple Vulnerabilities)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. (CVE-2020-28366)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. (CVE-2020-28367)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon\n attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any\n filename. (CVE-2021-27919)\n\n - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address\n octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses,\n because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)\n\n - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs,\n related to an underflow of the lowest limb during the final complete reduction in the P-224 field.\n (CVE-2021-3114)\n\n - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code\n execution when using the go get command to fetch modules that make use of cgo (for example, cgo can\n execute a gcc program from an untrusted download). (CVE-2021-3115)\n\n - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of\n service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each\n be affected in some configurations. (CVE-2021-31525)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from\n DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to\n the RFC1035 format. (CVE-2021-33195)\n\n - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's\n header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from\n net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the\n math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an\n X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS\n server to cause a TLS client to panic. (CVE-2021-34558)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil\n ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function\n invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3\n Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.\n (CVE-2021-41771)\n\n - Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP\n archive containing an invalid name or an empty filename field. (CVE-2021-41772)\n\n - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the\n header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)\n\n - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or\n unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-\n descriptor exhaustion. (CVE-2021-44717)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to\n Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to\n be version tags. This can lead to incorrect access control if an actor is supposed to be able to create\n branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return\n true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount\n of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested\n expression. (CVE-2022-24921)\n\n - Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when\n presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to\n panic. (CVE-2022-27536)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic\n via long scalar input. (CVE-2022-28327)\n\n - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero\n flags parameter, the Faccessat function could incorrectly report that a file is accessible.\n (CVE-2022-29526)\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - Automatic update for grafana-8.5.6-1.fc37. ##### **Changelog** ``` * Wed Jun 29 2022 Andreas Gerstmayr\n <agerstmayr@redhat.com> 8.5.6-1 - update to 8.5.6 tagged upstream community sources, see CHANGELOG -\n updated license to AGPLv3 - place commented sample config file in /etc/grafana/grafana.ini - enable Go\n modules in build process - adapt Node.js bundling to yarn v3 and Zero Install feature * Sun Jun 19 2022\n Robert-Andr Mauchin <zebob.m@gmail.com> - 7.5.15-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675,\n CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 ``` (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic\n Decoding big.Float and big.Rat types can panic if the encoded message is too short.\n (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=754210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=766216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=775326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=788640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=794784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=802054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=806659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=807049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=821859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=849290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=857822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=862822\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Go users shoud upgrade to the latest version: # emerge --sync # emerge --ask --oneshot\n--verbose >=dev-lang/go-1.18.5 In addition, users using Portage 3.0.9 or later should ensure that packages with\nGo binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:\n# emerge --ask --oneshot --verbose @golang-rebuild\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"dev-lang/go\",\n 'unaffected' : make_list(\"ge 1.18.5\"),\n 'vulnerable' : make_list(\"lt 1.18.5\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Go\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-05-27T14:49:27", "description": "The Go Programming Language. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-24T20:54:01", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: golang-1.16.8-2.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919", "CVE-2021-36221"], "modified": "2021-09-24T20:54:01", "id": "FEDORA:4F8A43091B25", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:49:27", "description": "The Go Programming Language. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-22T16:30:52", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: golang-1.16.8-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27919", "CVE-2021-36221"], "modified": "2021-09-22T16:30:52", "id": "FEDORA:B432630B2C73", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2023-06-14T15:42:04", "description": "**Issue Overview:**\n\nA null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-29652)\n\nAn infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS). (CVE-2021-27918)\n\nAn out of bounds read vulnerability was found in golang. When using the archive/zip standard library (stdlib) and an unexpected file is parsed, it can cause golang to attempt to read outside of a slice (array) causing a panic in the runtime. A potential attacker can use this vulnerability to craft an archive which causes an application using this library to crash resulting in a Denial of Service (DoS). (CVE-2021-27919)\n\nA flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity. (CVE-2021-33195)\n\nA flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity. (CVE-2021-33197)\n\nA flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability. (CVE-2021-33198)\n\nA race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. (CVE-2021-36221)\n\nA validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. (CVE-2021-38297)\n\nA vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw. (CVE-2021-39293)\n\nRat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)\n\ncmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)\n\nA flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource. (CVE-2022-23806)\n\nA buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB) ), causing a stack overflow in Decode, which leads to a loss of availability. (CVE-2022-24675)\n\nA stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service. (CVE-2022-24921)\n\nAn integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability. (CVE-2022-28327)\n\n \n**Affected Packages:** \n\n\ngolang\n\n \n**Issue Correction:** \nRun _yum update golang_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 golang-1.18.3-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 golang-bin-1.18.3-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 golang-shared-1.18.3-1.amzn2.aarch64 \n \n noarch: \n \u00a0\u00a0\u00a0 golang-docs-1.18.3-1.amzn2.noarch \n \u00a0\u00a0\u00a0 golang-misc-1.18.3-1.amzn2.noarch \n \u00a0\u00a0\u00a0 golang-tests-1.18.3-1.amzn2.noarch \n \u00a0\u00a0\u00a0 golang-src-1.18.3-1.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 golang-1.18.3-1.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 golang-1.18.3-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 golang-bin-1.18.3-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 golang-shared-1.18.3-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 golang-race-1.18.3-1.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-29652](<https://access.redhat.com/security/cve/CVE-2020-29652>), [CVE-2021-27918](<https://access.redhat.com/security/cve/CVE-2021-27918>), [CVE-2021-27919](<https://access.redhat.com/security/cve/CVE-2021-27919>), [CVE-2021-33195](<https://access.redhat.com/security/cve/CVE-2021-33195>), [CVE-2021-33197](<https://access.redhat.com/security/cve/CVE-2021-33197>), [CVE-2021-33198](<https://access.redhat.com/security/cve/CVE-2021-33198>), [CVE-2021-36221](<https://access.redhat.com/security/cve/CVE-2021-36221>), [CVE-2021-38297](<https://access.redhat.com/security/cve/CVE-2021-38297>), [CVE-2021-39293](<https://access.redhat.com/security/cve/CVE-2021-39293>), [CVE-2022-23772](<https://access.redhat.com/security/cve/CVE-2022-23772>), [CVE-2022-23773](<https://access.redhat.com/security/cve/CVE-2022-23773>), [CVE-2022-23806](<https://access.redhat.com/security/cve/CVE-2022-23806>), [CVE-2022-24675](<https://access.redhat.com/security/cve/CVE-2022-24675>), [CVE-2022-24921](<https://access.redhat.com/security/cve/CVE-2022-24921>), [CVE-2022-28327](<https://access.redhat.com/security/cve/CVE-2022-28327>)\n\nMitre: [CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>), [CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>), [CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>), [CVE-2021-33195](<https://vulners.com/cve/CVE-2021-33195>), [CVE-2021-33197](<https://vulners.com/cve/CVE-2021-33197>), [CVE-2021-33198](<https://vulners.com/cve/CVE-2021-33198>), [CVE-2021-36221](<https://vulners.com/cve/CVE-2021-36221>), [CVE-2021-38297](<https://vulners.com/cve/CVE-2021-38297>), [CVE-2021-39293](<https://vulners.com/cve/CVE-2021-39293>), [CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>), [CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>), [CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>), [CVE-2022-24675](<https://vulners.com/cve/CVE-2022-24675>), [CVE-2022-24921](<https://vulners.com/cve/CVE-2022-24921>), [CVE-2022-28327](<https://vulners.com/cve/CVE-2022-28327>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-28T21:55:00", "type": "amazon", "title": "Important: golang", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29652", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-33195", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-39293", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28327"], "modified": "2022-08-08T18:42:00", "id": "ALAS2-2022-1830", "href": "https://alas.aws.amazon.com/AL2/ALAS-2022-1830.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2023-06-17T16:42:10", "description": "### Background\n\nGo is an open source programming language that makes it easy to build simple, reliable, and efficient software.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Go users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/go-1.18.5\"\n \n\nIn addition, users using Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:\n \n \n # emerge --ask --oneshot --verbose @golang-rebuild", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-04T00:00:00", "type": "gentoo", "title": "Go: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28366", "CVE-2020-28367", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-3115", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-1705", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-27536", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-29526", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2022-08-04T00:00:00", "id": "GLSA-202208-02", "href": "https://security.gentoo.org/glsa/202208-02", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}