Lucene search
Alpine Linux Development TeamALPINE:CVE-2021-33196HistoryAug 02, 2021 - 7:15 p.m.
CVE-2021-33196
2021-08-0219:15:08
Alpine Linux Development Team
security.alpinelinux.org
33
go
archive/zip
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.8
Confidence
High
EPSS
0.003
Percentile
65.7%
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archiveโs header) can cause a NewReader or OpenReader panic.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.13-community | noarch | go | <ย 1.15.13-r0 | UNKNOWN |
| Alpine | 3.14-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.15-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.16-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | go | <ย 1.16.5-r0 | UNKNOWN |
Related
ibm
ibm
prion
prion
Code injection
2021-08-02 19:15:00
Design/Logic Flaw
2022-01-24 01:15:00
Design/Logic Flaw
2022-08-26 16:15:00
nvd
nvd
nessus
nessus
RHEL 7 : go-toolset-1.15 and go-toolset-1.15-golang (RHSA-2021:2634)
2021-07-02 00:00:00
Siemens SCALANCE LPE9403 Allocation of Resources Without Limits or Throttling (CVE-2021-39293)
2024-01-15 00:00:00
openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:1342-1)
2021-10-12 00:00:00
redhatcve
redhatcve
cbl_mariner
cbl_mariner
cvelist
cvelist
osv
osv
BIT-golang-2021-33196
2024-03-06 11:05:05
Panic when reading certain archives in archive/zip
2022-02-17 17:33:25
CVE-2021-33196
2021-08-02 19:15:08
cve
cve
ubuntucve
ubuntucve
CVE-2021-33196
2021-08-02 00:00:00
CVE-2021-39293
2022-01-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-06-03 21:21:46
redhat
redhat
(RHSA-2021:2634) Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update
2021-07-01 12:53:07
(RHSA-2022:0655) Low: OpenShift Container Platform 4.9.23 bug fix and security update
2022-02-28 20:44:22
(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0
2021-07-13 16:30:23
debiancve
debiancve
CVE-2021-33196
2021-08-02 19:15:08
CVE-2021-39293
2022-01-24 01:15:07
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1646)
2022-05-09 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1660)
2022-05-09 00:00:00
Mageia: Security Advisory (MGASA-2021-0475)
2022-01-28 00:00:00
amazon
amazon
Medium: golang
2021-08-04 20:32:00
Important: golang
2022-09-15 03:57:00
alpinelinux
alpinelinux
CVE-2021-39293
2022-01-24 01:15:07
mageia
mageia
Updated golang packages fix security vulnerability
2021-10-13 22:39:52
Updated golang packages fix security vulnerabilities
2021-07-25 11:34:17
rocky
rocky
go-toolset:rhel8 security, bug fix, and enhancement update
2021-08-10 12:00:58
go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.16.5-alt1
2021-06-05 00:00:00
Security fix for the ALT Linux 9 package golang version 1.15.13-alt1
2021-06-07 00:00:00
archlinux
archlinux
[ASA-202106-42] go: multiple issues
2021-06-15 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2021-05-01 00:00:00
suse
suse
Security update for go1.15 (important)
2021-06-30 00:00:00
Security update for go1.15 (important)
2021-07-01 00:00:00
Security update for go1.16 (important)
2021-06-28 00:00:00
almalinux
almalinux
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
2021-08-10 12:00:58
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
oraclelinux
oraclelinux
go-toolset:ol8 security, bug fix, and enhancement update
2021-08-12 00:00:00
debian
debian
[SECURITY] [DLA 2892-1] golang-1.7 security update
2022-01-21 22:02:47
[SECURITY] [DLA 2891-1] golang-1.8 security update
2022-01-21 22:02:40
[SECURITY] [DLA 3395-1] golang-1.11 security update
2023-04-19 21:42:48
photon
photon
Important Photon OS Security Update - PHSA-2021-0294
2021-09-02 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0294
2021-09-02 00:00:00
Critical Photon OS Security Update - PHSA-2022-0476
2022-03-03 00:00:00
ics
ics
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
2022-06-16 12:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2022-08-04 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.8
Confidence
High
EPSS
0.003
Percentile
65.7%
Related for ALPINE:CVE-2021-33196