5 matches found
Amazon Linux 2 : golang (ALAS-2022-1811)
The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory. An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...
CVE-2021-39293
CVE-2021-39293: In Go's archive/zip, a crafted ZIP header can cause a panic. Connected advisories show affected Go versions include: Go before 1.15.13 and 1.16.x before 1.16.5 (Astra Linux), and the initial entry references Go 1.16.8 and 1.17.1 as contexts. Several advisories note this as an inco...