0.003 Low
EPSS
Percentile
65.8%
golang is vulnerable to . Due to a pre-allocation optimization in zip.NewReader, an attacker can cause a denial of service condition using a malicious archive which would result in a panic or memory exhaustion.
zip.NewReader
bugzilla.redhat.com/show_bug.cgi?id=1965503
groups.google.com/g/golang-announce
groups.google.com/g/golang-announce/c/RgCMkAEQjSI
lists.debian.org/debian-lts-announce/2022/01/msg00016.html
lists.debian.org/debian-lts-announce/2022/01/msg00017.html
security-tracker.debian.org/tracker/CVE-2021-33196