5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.9%
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to a misalignment in the behavior of zip implementations, which can be exploited to create zip files with varying contents based on the implementation reading the file.
www.openwall.com/lists/oss-security/2024/06/04/1
github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7
go.dev/cl/585397
go.dev/issue/66869
groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
lists.fedoraproject.org/archives/list/[email protected]/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/
pkg.go.dev/vuln/GO-2024-2888
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.9%