10 matches found
BIT-GOLANG-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
USN-6038-2 golang-1.13, golang-1.16 vulnerabilities
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...
SUSE-SU-2021:3834-1 Security update for go1.16
This update for go1.16 fixes the following issues: Security update go1.16.10 released 2021-11-04 bsc1182345. - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic bsc1192377. - CVE-2021-41772: Fixed panic on Reader.Open bsc1192378...
SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:2186-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2186-1 advisory. Update to 1.16.5. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names bsc1187443. -...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
Design/Logic Flaw
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2021-27919
CVE-2021-27919 affects the Go standard library archive/zip: parsing ZIP archives where a filename begins with ../ can trigger a panic/denial of service in Go 1.16.x prior to 1.16.1 due to an unsafe Reader.Open path handling. Affected product: Go (archive/zip). Root cause: insufficient validation ...