Lucene search
K

10 matches found

OSV
OSV
added 2024/03/06 11:6 a.m.30 views

BIT-GOLANG-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS6AI score0.01517EPSS
Exploits0References5
OSV
OSV
added 2024/01/09 1:8 p.m.6 views

USN-6038-2 golang-1.13, golang-1.16 vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

9.8CVSS7.1AI score0.05623EPSS
Exploits6References19
OSV
OSV
added 2021/12/01 3:5 p.m.7 views

SUSE-SU-2021:3834-1 Security update for go1.16

This update for go1.16 fixes the following issues: Security update go1.16.10 released 2021-11-04 bsc1182345. - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic bsc1192377. - CVE-2021-41772: Fixed panic on Reader.Open bsc1192378...

7.5CVSS7.7AI score0.04372EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.38 views

SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:2186-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2186-1 advisory. Update to 1.16.5. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names bsc1187443. -...

7.5CVSS6.7AI score0.03464EPSS
Exploits4References14
OSV
OSV
added 2021/03/11 12:15 a.m.35 views

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS6.5AI score
Exploits0References4
Prion
Prion
added 2021/03/11 12:15 a.m.22 views

Design/Logic Flaw

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

4.3CVSS5.4AI score0.01517EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2021/03/11 12:15 a.m.30 views

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS6.8AI score0.01517EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/03/11 12:0 a.m.61 views

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS6.3AI score0.01517EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/03/11 12:0 a.m.32 views

CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS6.3AI score0.01517EPSS
Exploits0
CVE
CVE
added 2021/03/11 12:0 a.m.176 views

CVE-2021-27919

CVE-2021-27919 affects the Go standard library archive/zip: parsing ZIP archives where a filename begins with ../ can trigger a panic/denial of service in Go 1.16.x prior to 1.16.1 due to an unsafe Reader.Open path handling. Affected product: Go (archive/zip). Root cause: insufficient validation ...

5.5CVSS6AI score0.01517EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder