Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3395-1:898F3
HistoryApr 19, 2023 - 9:42 p.m.

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-1921:42:48
lists.debian.org
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON

Debian LTS Advisory DLA-3395-1 [email protected]
https://www.debian.org/lts/security/ Sylvain Beucler
April 19, 2023 https://wiki.debian.org/LTS

Package : golang-1.11
Version : 1.11.6-1+deb10u6
CVE ID : CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-38297
CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717
CVE-2022-23806 CVE-2022-24921
Debian Bug : 989492 991961

Multiple vulnerabilities were discovered in the Go programming
language. An attacker could trigger a denial-of-service (DoS), invalid
cryptographic computation, information leak, or arbitrary code
execution on the developer's computer in specific situations.

CVE-2020-28367

Code injection in the go command with cgo allows arbitrary code
execution at build time via malicious gcc flags specified via a
#cgo directive.

CVE-2021-33196

In archive/zip, a crafted file count (in an archive's header) can
cause a NewReader or OpenReader panic.

CVE-2021-36221

Go has a race condition that can lead to a net/http/httputil
ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-38297

Go has a Buffer Overflow via large arguments in a function
invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

CVE-2021-39293

This issue exists because of an incomplete fix for CVE-2021-33196.

CVE-2021-41771

ImportedSymbols in debug/macho (for Open or OpenFat) Accesses a
Memory Location After the End of a Buffer, aka an out-of-bounds
slice situation.

CVE-2021-44716

net/http allows uncontrolled memory consumption in the header
canonicalization cache via HTTP/2 requests.

CVE-2021-44717

Go on UNIX allows write operations to an unintended file or
unintended network connection as a consequence of erroneous
closing of file descriptor 0 after file-descriptor exhaustion.

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic can incorrectly return true in
situations with a big.Int value that is not a valid field element.

CVE-2022-24921

regexp.Compile allows stack exhaustion via a deeply nested
expression.

For Debian 10 buster, these problems have been fixed in version
1.11.6-1+deb10u6.

We recommend that you upgrade your golang-1.11 packages.

For the detailed security status of golang-1.11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/golang-1.11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11ppc64elgolang-1.15-go-dbgsym< 1.15.15-1~deb11u2golang-1.15-go-dbgsym_1.15.15-1~deb11u2_ppc64el.deb
Debian10arm64golang-1.11-go< 1.11.6-1+deb10u6golang-1.11-go_1.11.6-1+deb10u6_arm64.deb
Debian11amd64golang-1.15-go< 1.15.15-1~deb11u2golang-1.15-go_1.15.15-1~deb11u2_amd64.deb
Debian11armelgolang-1.15-src< 1.15.15-1~deb11u2golang-1.15-src_1.15.15-1~deb11u2_armel.deb
Debian10i386golang-1.11-go< 1.11.6-1+deb10u6golang-1.11-go_1.11.6-1+deb10u6_i386.deb
Debian11mipselgolang-1.15-src< 1.15.15-1~deb11u2golang-1.15-src_1.15.15-1~deb11u2_mipsel.deb
Debian11arm64golang-1.15-go< 1.15.15-1~deb11u2golang-1.15-go_1.15.15-1~deb11u2_arm64.deb
Debian11mipselgolang-1.15-go-dbgsym< 1.15.15-1~deb11u2golang-1.15-go-dbgsym_1.15.15-1~deb11u2_mipsel.deb
Debian10amd64golang-1.11-src< 1.11.6-1+deb10u6golang-1.11-src_1.11.6-1+deb10u6_amd64.deb
Debian10allgolang-1.11< 1.11.6-1+deb10u6golang-1.11_1.11.6-1+deb10u6_all.deb
Rows per page:
1-10 of 311

Related

nessus 63
openvas 41
osv 16
debian 4
amazon 4
mageia 2
redhat 12
almalinux 2
rocky 2
oraclelinux 3
cve 2
redhatcve 2
ibm 12
ubuntucve 2
suse 5
altlinux 3
fedora 4
prion 2
alpinelinux 3
debiancve 2
freebsd 2
ics 1
photon 3
githubexploit 1
veracode 2
cnvd 1
cbl_mariner 3
nessus
nessus
Debian DLA-3395-1 : golang-1.11 - LTS security update
2023-04-20 00:00:00
Debian DLA-2891-1 : golang-1.8 - LTS security update
2022-01-22 00:00:00
Debian DLA-2892-1 : golang-1.7 - LTS security update
2022-01-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3395-1)
2023-04-21 00:00:00
Debian: Security Advisory (DLA-2892-1)
2022-01-22 00:00:00
Debian: Security Advisory (DLA-2891-1)
2022-01-22 00:00:00
osv
osv
golang-1.11 - security update
2023-04-19 00:00:00
golang-1.8 - security update
2022-01-21 00:00:00
golang-1.7 - security update
2022-01-21 00:00:00
debian
debian
[SECURITY] [DLA 2891-1] golang-1.8 security update
2022-01-21 22:02:40
[SECURITY] [DLA 2892-1] golang-1.7 security update
2022-01-21 22:02:47
[SECURITY] [DLA 2985-1] golang-1.7 security update
2022-04-28 09:57:28
amazon
amazon
Important: golang
2022-07-06 03:11:00
Important: golang
2022-04-25 03:47:00
Important: golang
2022-04-25 15:59:00
mageia
mageia
Updated golang packages fix security vulnerability
2021-10-13 22:39:52
Updated golang packages fix security vulnerability
2021-12-26 03:14:13
redhat
redhat
(RHSA-2022:1819) Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
(RHSA-2022:0432) Moderate: Release of OpenShift Serverless Client kn 1.20.0
2022-02-03 15:51:33
(RHSA-2022:1361) Important: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement&bugfix update
2022-04-13 15:16:03
almalinux
almalinux
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
Important: go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
rocky
rocky
go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
oraclelinux
oraclelinux
go-toolset:ol8 security and bug fix update
2022-05-17 00:00:00
go-toolset:ol8 security and bug fix update
2021-12-16 00:00:00
go-toolset:ol8addon security update
2022-06-08 00:00:00
cve
cve
CVE-2021-39293
2022-01-24 01:15:00
CVE-2021-44717
2022-01-01 05:15:00
redhatcve
redhatcve
CVE-2021-39293
2021-09-20 19:13:18
CVE-2020-28367
2020-11-13 18:14:47
ibm
ibm
Security Bulletin: IBM DataPower Gateway Operand affected by vulnerabilities in Go (CVE-2021-44716, CVE-2021-44717)
2022-05-23 19:55:40
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-44716, CVE-2021-44717)
2022-04-22 20:46:15
Security Bulletin: Multiple vulnerabilities in the Golang language affect IBM Event Streams
2022-07-12 14:53:51
ubuntucve
ubuntucve
CVE-2021-39293
2022-01-24 00:00:00
CVE-2021-44717
2022-01-01 00:00:00
suse
suse
Security update for go1.17 (moderate)
2021-12-23 00:00:00
Security update for go1.16 (moderate)
2021-12-26 00:00:00
Security update for go1.16 (moderate)
2021-12-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.5-alt1
2021-12-09 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.2-alt1
2021-10-11 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.1-alt1
2021-09-13 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: golang-1.16.12-1.fc34
2021-12-30 01:43:52
[SECURITY] Fedora 35 Update: golang-1.16.12-1.fc35
2021-12-30 01:19:52
[SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35
2021-12-16 01:18:21
prion
prion
Design/Logic Flaw
2022-01-24 01:15:00
Buffer overflow
2021-10-18 06:15:00
alpinelinux
alpinelinux
CVE-2021-39293
2022-01-24 01:15:00
CVE-2020-28367
2020-11-18 17:15:00
CVE-2021-38297
2021-10-18 06:15:00
debiancve
debiancve
CVE-2021-39293
2022-01-24 01:15:00
CVE-2020-28367
2020-11-18 17:15:00
freebsd
freebsd
go -- multiple vulnerabilities
2021-12-08 00:00:00
go -- archive/zip: overflow in preallocation check can cause OOM panic
2021-08-18 00:00:00
ics
ics
Siemens Brownfield Connectivity Gateway
2023-02-16 12:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0476
2022-03-03 00:00:00
Critical Photon OS Security Update - PHSA-2021-0130
2021-11-29 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0130
2021-11-28 00:00:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Golang Go
2023-11-15 20:52:36
veracode
veracode
Denial Of Service (DoS)
2021-10-11 04:53:12
Command Injection
2020-11-19 06:14:27
cnvd
cnvd
Google Go buffer error vulnerability
2021-10-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-28367 affecting package golang 1.13.15-2
2021-07-08 21:56:48
CVE-2021-38297 affecting package golang 1.17.1-2
2022-04-26 19:57:46
CVE-2021-38297 affecting package golang 1.16.7-1
2021-11-06 00:29:54

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.3%

JSON
Related for DEBIAN:DLA-3395-1:898F3
nessus63openvas41osv16debian4amazon4mageia2redhat12almalinux2rocky2oraclelinux3cve2redhatcve2ibm12ubuntucve2suse5altlinux3fedora4prion2alpinelinux3debiancve2freebsd2ics1photon3githubexploit1veracode2cnvd1cbl_mariner3