9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.0%
The Go project reports:
archive/zip: mishandling of corrupt central directory record
The archive/zip package’s handling of certain types of
invalid zip files differed from the behavior of most zip
implementations. This misalignment could be exploited to
create an zip file with contents that vary depending on the
implementation reading the file. The archive/zip package now
rejects files containing these errors.
net/netip: unexpected behavior from Is methods for
IPv4-mapped IPv6 addresses
The various Is methods (IsPrivate, IsLoopback, etc) did
not work as expected for IPv4-mapped IPv6 addresses,
returning false for addresses which would return true in
their traditional IPv4 forms.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.0%