Lucene search
IBM6C7467C179FEFD15086866C8EB0A9F090029E199C847DF6CD9552F8A6EC72EF6HistoryApr 22, 2022 - 6:54 p.m.
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-36221)
2022-04-2218:54:45
www.ibm.com
15
0.007 Low
EPSS
Percentile
80.5%
Summary
Security Vulnerabilities affect IBM Cloud Private - Golang
Vulnerability Details
CVEID:CVE-2021-36221
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Private | 3.2.1 CD |
| IBM Cloud Private | 3.2.2 CD |
Remediation/Fixes
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
- IBM Cloud Private 3.2.1
- IBM Cloud Private 3.2.2
For IBM Cloud Private 3.2.1, apply fix pack:
For IBM Cloud Private 3.2.2, apply fix pack:
For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0
- Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2.
- If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance
Workarounds and Mitigations
None
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cloud_private | 3.2.1 | cpe:2.3:a:ibm:cloud_private:3.2.1:*:*:*:*:*:*:* |
| ibm | cloud_private | 3.2.2 | cpe:2.3:a:ibm:cloud_private:3.2.2:*:*:*:*:*:*:* |
Related
nessus
nessus
openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:2788-1)
2021-08-21 00:00:00
Amazon Linux AMI : golang (ALAS-2021-1538)
2021-10-04 00:00:00
openSUSE 15 Security Update : go1.15 (openSUSE-SU-2021:1207-1)
2021-08-28 00:00:00
redhat
redhat
osv
osv
Panic in ReverseProxy in net/http/httputil
2022-02-17 17:32:24
BIT-golang-2021-36221
2024-03-06 11:04:26
CVE-2021-36221
2021-08-08 06:15:08
cbl_mariner
cbl_mariner
CVE-2021-36221 affecting package golang 1.15.13-1
2021-09-09 15:03:05
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0416)
2022-01-28 00:00:00
openSUSE: Security Advisory for go1.16 (openSUSE-SU-2021:2788-1)
2021-08-21 00:00:00
Fedora: Security Advisory for golang (FEDORA-2021-38b51d9fd3)
2021-09-16 00:00:00
nvd
nvd
CVE-2021-36221
2021-08-08 06:15:08
veracode
veracode
Denial Of Service
2021-08-06 20:30:04
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.16.7-alt1
2021-08-12 00:00:00
Security fix for the ALT Linux 9 package golang version 1.15.15-alt1
2021-08-11 00:00:00
suse
suse
Security update for go1.16 (moderate)
2021-08-26 00:00:00
Security update for go1.16 (moderate)
2021-08-20 00:00:00
Security update for go1.15 (moderate)
2021-08-28 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2021-09-04 20:01:38
freebsd
freebsd
go -- net/http: panic due to racy read of persistConn after handler panic
2021-06-21 00:00:00
alpinelinux
alpinelinux
CVE-2021-36221
2021-08-08 06:15:08
ibm
ibm
redhatcve
redhatcve
CVE-2021-36221
2022-04-30 13:09:05
debiancve
debiancve
CVE-2021-36221
2021-08-08 06:15:08
cve
cve
CVE-2021-36221
2021-08-08 06:15:08
amazon
amazon
Medium: golang
2021-09-30 19:24:00
Important: golang
2022-07-28 21:55:00
cvelist
cvelist
CVE-2021-36221
2021-08-08 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: golang-1.15.15-1.fc33
2021-09-15 18:20:16
[SECURITY] Fedora 34 Update: golang-1.16.8-1.fc34
2021-09-22 16:30:52
[SECURITY] Fedora 35 Update: golang-1.16.8-2.fc35
2021-09-24 20:54:01
ubuntucve
ubuntucve
CVE-2021-36221
2021-08-08 00:00:00
prion
prion
Race condition
2021-08-08 06:15:00
rocky
rocky
go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
almalinux
almalinux
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
debian
debian
[SECURITY] [DLA 2892-1] golang-1.7 security update
2022-01-21 22:02:47
[SECURITY] [DLA 2891-1] golang-1.8 security update
2022-01-21 22:02:40
[SECURITY] [DLA 3395-1] golang-1.11 security update
2023-04-19 21:42:48
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2022-11-15 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0294
2021-09-02 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0294
2021-09-02 00:00:00
Critical Photon OS Security Update - PHSA-2021-0130
2021-11-29 00:00:00
ics
ics
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
2022-06-16 12:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2022-08-04 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
0.007 Low
EPSS
Percentile
80.5%
Related for 6C7467C179FEFD15086866C8EB0A9F090029E199C847DF6CD9552F8A6EC72EF6