4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.7%
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations
to an unintended file or unintended network connection as a consequence of
erroneous closing of file descriptor 0 after file-descriptor exhaustion.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | golang-1.17 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | golang-1.8 | < any | UNKNOWN |
github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.17.5)
github.com/golang/go/issues/50057
groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
launchpad.net/bugs/cve/CVE-2021-44717
nvd.nist.gov/vuln/detail/CVE-2021-44717
security-tracker.debian.org/tracker/CVE-2021-44717
www.cve.org/CVERecord?id=CVE-2021-44717
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.7%