12 matches found
GHSA-MJ73-J457-8X9Q maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...
maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...
RUSTSEC-2025-0132 `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...
Linux Distros Unpatched Vulnerability : CVE-2021-27919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which...
SUSE CVE-2021-41772
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...
golang: archive/zip: Reader.Open panics on empty string
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...
golang: archive/zip: Reader.Open panics on empty string
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...
golang: archive/zip: Reader.Open panics on empty string
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...
golang: archive/zip: Reader.Open panics on empty string
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...
AZL-6452 CVE-2021-41772 affecting package golang for versions less than 1.17.8-1
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...
UBUNTU-CVE-2021-41772
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...
Google Golang 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. The archive/zip in Go is not working when attempting to use Reader.zip on zip archive files with filenames starting with . / begins with a ZIP archive file using the Reader.Open A...