Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-33195
HistoryAug 02, 2021 - 12:00 a.m.

CVE-2021-33195

2021-08-0200:00:00
ubuntu.com
ubuntu.com
16
go language
dns lookup
vulnerability
rfc1035
unix

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.01

Percentile

83.8%

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups
that do not validate replies from DNS servers, and thus a return value may
contain an unsafe injection (e.g., XSS) that does not conform to the
RFC1035 format.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.01

Percentile

83.8%