17 matches found
MiracleLinux 8 : container-tools:rhel8 (AXSA:2026-338:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-338:01 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.20.16 packages and security update
Red Hat OpenShift Container Platform release 4.20.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
Linux Distros Unpatched Vulnerability : CVE-2021-39293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or...
Linux Distros Unpatched Vulnerability : CVE-2021-27919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which...
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5 a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
...
AZL-42412 CVE-2024-24789 affecting package golang for versions less than 1.18.8-8
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
AZL-79044 CVE-2024-24789 affecting package golang 1.25.7-1
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
SUSE CVE-2021-33196
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
DEBIAN-CVE-2021-33196
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
UBUNTU-CVE-2021-33196
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
CVE-2021-33196
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
golang: archive/zip: malformed archive may cause panic or memory exhaustion
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files...
UBUNTU-CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...