6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.7%
Package : golang
Version : 2:1.3.3-1+deb8u2
CVE ID : CVE-2019-9741
Debian Bug : #924630
It was discovered that there was a CRLF injection attack in the Go
programming language runtime library.
Passing \r\n to http.NewRequest could allow execution of arbitrary
HTTP headers or Redis commands.
For Debian 8 "Jessie", this issue has been fixed in golang version
2:1.3.3-1+deb8u2.
We recommend that you upgrade your golang packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | armhf | golang-go-linux-arm | < 2:1.3.3-1+deb8u2 | golang-go-linux-arm_2:1.3.3-1+deb8u2_armhf.deb |
Debian | 8 | amd64 | golang-go-linux-386 | < 2:1.3.3-1+deb8u2 | golang-go-linux-386_2:1.3.3-1+deb8u2_amd64.deb |
Debian | 9 | armhf | golang-1.7-go | < 1.7.4-2+deb9u3 | golang-1.7-go_1.7.4-2+deb9u3_armhf.deb |
Debian | 8 | all | kate-syntax-go | < 2:1.3.3-1+deb8u2 | kate-syntax-go_2:1.3.3-1+deb8u2_all.deb |
Debian | 8 | all | golang-go-windows-386 | < 2:1.3.3-1+deb8u2 | golang-go-windows-386_2:1.3.3-1+deb8u2_all.deb |
Debian | 9 | armhf | golang-1.8-src | < 1.8.1-1+deb9u3 | golang-1.8-src_1.8.1-1+deb9u3_armhf.deb |
Debian | 9 | armhf | golang-1.8-go | < 1.8.1-1+deb9u3 | golang-1.8-go_1.8.1-1+deb9u3_armhf.deb |
Debian | 9 | amd64 | golang-1.7-go | < 1.7.4-2+deb9u3 | golang-1.7-go_1.7.4-2+deb9u3_amd64.deb |
Debian | 8 | armhf | golang-go-linux-386 | < 2:1.3.3-1+deb8u2 | golang-go-linux-386_2:1.3.3-1+deb8u2_armhf.deb |
Debian | 8 | i386 | golang-go-linux-arm | < 2:1.3.3-1+deb8u2 | golang-go-linux-arm_2:1.3.3-1+deb8u2_i386.deb |
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.7%