In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive’s header) can cause a NewReader or OpenReader panic.

References

groups.google.com/g/golang-announce

groups.google.com/g/golang-announce/c/RgCMkAEQjSI

lists.debian.org/debian-lts-announce/2022/01/msg00016.html

lists.debian.org/debian-lts-announce/2022/01/msg00017.html

lists.debian.org/debian-lts-announce/2023/04/msg00021.html

security.gentoo.org/glsa/202208-02

redhatcve 4

nessus 46

osv 12

cve 3

alpinelinux 2

prion 3

nvd 3

ibm 14

ubuntucve 2

redhat 19

debiancve 2

veracode 1

cvelist 2

openvas 19

amazon 2

mageia 2

freebsd 1

archlinux 1

rocky 2

altlinux 2

suse 3

oraclelinux 1

almalinux 2

debian 3

photon 3

ics 1

gentoo 1

redhatcve

CVE-2021-33196

2021-05-28 00:47:57

CVE-2021-39293

2021-09-20 19:13:18

CVE-2021-23156

2021-08-19 07:35:03

nessus

RHEL 7 : go-toolset-1.15 and go-toolset-1.15-golang (RHSA-2021:2634)

2021-07-02 00:00:00

Amazon Linux 2 : golang (ALAS-2021-1694)

2021-08-06 00:00:00

openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:1342-1)

2021-10-12 00:00:00

osv

BIT-golang-2021-33196

2024-03-06 11:05:05

Panic when reading certain archives in archive/zip

2022-02-17 17:33:25

CVE-2021-33196

2021-08-02 19:15:08

cve

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-3703

2022-08-26 16:15:09

alpinelinux

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

prion

Code injection

2021-08-02 19:15:00

Design/Logic Flaw

2022-01-24 01:15:00

Design/Logic Flaw

2022-08-26 16:15:00

nvd

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-3703

2022-08-26 16:15:09

ibm

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33196)

2022-04-22 15:57:16

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-33196

2021-09-14 13:37:44

Security Bulletin: Multiple Vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data

2022-04-11 19:51:55

ubuntucve

CVE-2021-33196

2021-08-02 00:00:00

CVE-2021-39293

2022-01-24 00:00:00

redhat

(RHSA-2021:2634) Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update

2021-07-01 12:53:07

(RHSA-2022:0655) Low: OpenShift Container Platform 4.9.23 bug fix and security update

2022-02-28 20:44:22

(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0

2021-07-13 16:30:23

debiancve

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

veracode

Denial Of Service (DoS)

2021-06-03 21:21:46

cvelist

CVE-2021-39293

2022-01-24 00:00:00

CVE-2021-3703

2022-08-26 15:25:40

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1660)

2022-05-09 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1646)

2022-05-09 00:00:00

Mageia: Security Advisory (MGASA-2021-0475)

2022-01-28 00:00:00

amazon

Medium: golang

2021-08-04 20:32:00

Important: golang

2022-09-15 03:57:00

mageia

Updated golang packages fix security vulnerability

2021-10-13 22:39:52

Updated golang packages fix security vulnerabilities

2021-07-25 11:34:17

freebsd

go -- multiple vulnerabilities

2021-05-01 00:00:00

archlinux

[ASA-202106-42] go: multiple issues

2021-06-15 00:00:00

rocky

go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

altlinux

Security fix for the ALT Linux 10 package golang version 1.16.5-alt1

2021-06-05 00:00:00

Security fix for the ALT Linux 9 package golang version 1.15.13-alt1

2021-06-07 00:00:00

suse

Security update for go1.15 (important)

2021-07-01 00:00:00

Security update for go1.15 (important)

2021-06-30 00:00:00

Security update for go1.16 (important)

2021-06-28 00:00:00

oraclelinux

go-toolset:ol8 security, bug fix, and enhancement update

2021-08-12 00:00:00

almalinux

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

debian

[SECURITY] [DLA 2892-1] golang-1.7 security update

2022-01-21 22:02:47

[SECURITY] [DLA 2891-1] golang-1.8 security update

2022-01-21 22:02:40

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

photon

Important Photon OS Security Update - PHSA-2021-0294

2021-09-02 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0294

2021-09-02 00:00:00

Critical Photon OS Security Update - PHSA-2022-0476

2022-03-03 00:00:00

ics

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

2022-06-16 12:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for CVELIST:CVE-2021-33196