Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDEB1DA14A02B1E96C9E1AD15278A7703F1E3D937C4E9332C472E2D1F0F0E8222
HistoryDec 10, 2021 - 3:45 p.m.

Security Bulletin: Vulnerabilities in Golang Go may affect IBM Spectrum Protect Server (CVE-2021-33195, CVE-2021-33197, CVE-2021-36221)

2021-12-1015:45:35
www.ibm.com
16

0.007 Low

EPSS

Percentile

80.6%

JSON

Summary

The IBM Spectrum Protect Server may be affected by Golang Go vulnerabilities such as denial of service, execution of arbitrary code, and bypassing of security restrictions.

Vulnerability Details

CVEID:CVE-2021-33195
**DESCRIPTION:**Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not following RFC 1035 rules in the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2021-33197
**DESCRIPTION:**Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop arbitrary headers, including those set by the ReverseProxy.Director.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206603 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2021-36221
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Server 8.1.7.000-8.1.12.xxx

Remediation/Fixes

IBM Spectrum Protect Server Release First Fixing VRM Level Platform Link to Fix
8.1 8.1.13 AIX
Linux
Windows <https://www.ibm.com/support/pages/node/6522994&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protecteq8.1

Related

osv 15
nessus 55
rocky 3
redhat 30
almalinux 3
ibm 13
photon 2
suse 7
altlinux 4
openvas 25
freebsd 2
archlinux 1
veracode 3
nvd 3
ubuntucve 3
debiancve 3
cnvd 1
cvelist 3
redhatcve 3
alpinelinux 3
cve 3
cbl_mariner 1
oraclelinux 2
mageia 2
amazon 3
prion 3
fedora 3
osv
osv
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
Moderate: grafana security, bug fix, and enhancement update
2021-11-09 08:46:47
nessus
nessus
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:4156)
2023-11-06 00:00:00
RHEL 8 : go-toolset:rhel8 (RHSA-2021:4156)
2021-11-11 00:00:00
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2021:4156)
2022-03-11 00:00:00
rocky
rocky
go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
grafana security, bug fix, and enhancement update
2021-11-09 08:46:47
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
redhat
redhat
(RHSA-2021:4156) Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
(RHSA-2021:3431) Moderate: go-toolset-1.15-golang security update
2021-09-07 08:12:15
(RHSA-2022:1402) Moderate: OpenShift Virtualization 2.6.10 RPMs security and bug fix update
2022-04-19 13:18:33
almalinux
almalinux
Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
2021-11-09 08:25:49
Moderate: grafana security, bug fix, and enhancement update
2021-11-09 08:46:47
Moderate: buildah security and bug fix update
2022-11-15 00:00:00
ibm
ibm
Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang
2021-12-21 17:45:34
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities
2021-10-15 13:05:50
Security Bulletin: Operations Dashboard is vulnerable to multiple Go vulnerabilities
2021-10-14 13:05:25
photon
photon
Important Photon OS Security Update - PHSA-2021-0294
2021-09-02 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0294
2021-09-02 00:00:00
suse
suse
Security update for go1.15 (important)
2021-07-01 00:00:00
Security update for go1.16 (important)
2021-06-28 00:00:00
Security update for go1.15 (important)
2021-06-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package golang version 1.15.13-alt1
2021-06-07 00:00:00
Security fix for the ALT Linux 10 package golang version 1.16.5-alt1
2021-06-05 00:00:00
Security fix for the ALT Linux 10 package golang version 1.16.7-alt1
2021-08-12 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.15 (openSUSE-SU-2021:2214-1)
2021-07-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2186-1)
2021-06-29 00:00:00
openSUSE: Security Advisory for go1.16 (openSUSE-SU-2021:2186-1)
2021-06-29 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2021-05-01 00:00:00
go -- net/http: panic due to racy read of persistConn after handler panic
2021-06-21 00:00:00
archlinux
archlinux
[ASA-202106-42] go: multiple issues
2021-06-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-06-05 21:59:55
Denial Of Service
2021-08-06 20:30:04
Arbitrary Values
2021-06-05 21:59:57
nvd
nvd
CVE-2021-33197
2021-08-02 19:15:08
CVE-2021-33195
2021-08-02 19:15:08
CVE-2021-36221
2021-08-08 06:15:08
ubuntucve
ubuntucve
CVE-2021-33197
2021-08-02 00:00:00
CVE-2021-33195
2021-08-02 00:00:00
CVE-2021-36221
2021-08-08 00:00:00
debiancve
debiancve
CVE-2021-33197
2021-08-02 19:15:08
CVE-2021-33195
2021-08-02 19:15:08
CVE-2021-36221
2021-08-08 06:15:08
cnvd
cnvd
Google Golang has an unspecified vulnerability (CNVD-2022-02629)
2021-06-30 00:00:00
cvelist
cvelist
CVE-2021-33195
2021-08-02 18:51:34
CVE-2021-33197
2021-08-02 18:54:45
CVE-2021-36221
2021-08-08 00:00:00
redhatcve
redhatcve
CVE-2021-33195
2021-08-03 13:28:26
CVE-2021-33197
2022-05-07 14:23:23
CVE-2021-36221
2022-04-30 13:09:05
alpinelinux
alpinelinux
CVE-2021-33197
2021-08-02 19:15:08
CVE-2021-33195
2021-08-02 19:15:08
CVE-2021-36221
2021-08-08 06:15:08
cve
cve
CVE-2021-33197
2021-08-02 19:15:08
CVE-2021-33195
2021-08-02 19:15:08
CVE-2021-36221
2021-08-08 06:15:08
cbl_mariner
cbl_mariner
CVE-2021-36221 affecting package golang 1.15.13-1
2021-09-09 15:03:05
oraclelinux
oraclelinux
grafana security, bug fix, and enhancement update
2021-11-16 00:00:00
buildah security and bug fix update
2022-11-22 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2021-09-04 20:01:38
Updated golang packages fix security vulnerabilities
2021-07-25 11:34:17
amazon
amazon
Medium: golang
2021-09-30 19:24:00
Important: golang
2022-07-28 21:55:00
Medium: golang
2021-09-02 22:54:00
prion
prion
Format string
2021-08-02 19:15:00
Design/Logic Flaw
2021-08-02 19:15:00
Race condition
2021-08-08 06:15:00
fedora
fedora
[SECURITY] Fedora 33 Update: golang-1.15.15-1.fc33
2021-09-15 18:20:16
[SECURITY] Fedora 34 Update: golang-1.16.8-1.fc34
2021-09-22 16:30:52
[SECURITY] Fedora 35 Update: golang-1.16.8-2.fc35
2021-09-24 20:54:01

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for DEB1DA14A02B1E96C9E1AD15278A7703F1E3D937C4E9332C472E2D1F0F0E8222
osv15nessus55rocky3redhat30almalinux3ibm13photon2suse7altlinux4openvas25freebsd2archlinux1veracode3nvd3ubuntucve3debiancve3cnvd1cvelist3redhatcve3alpinelinux3cve3cbl_mariner1oraclelinux2mageia2amazon3prion3fedora3