NewReader and OpenReader can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size.

CPENameOperatorVersion
stdlibge1.16.0-0
stdliblt1.15.13
stdliblt1.16.5

Name	Operator	Version
stdlib	ge	1.16.0-0
stdlib	lt	1.15.13
stdlib	lt	1.16.5

References

go.dev/cl/318909

go.dev/issue/46242

go.googlesource.com/go/+/74242baa4136c7a9132a8ccd9881354442788c8c

groups.google.com/g/golang-announce/c/RgCMkAEQjSI

nvd 3

alpinelinux 2

prion 3

ibm 14

ubuntucve 2

redhatcve 4

nessus 46

osv 11

cve 3

cvelist 3

debiancve 2

redhat 19

veracode 1

openvas 19

amazon 2

mageia 2

rocky 2

altlinux 2

suse 3

oraclelinux 1

almalinux 2

freebsd 1

archlinux 1

debian 3

photon 3

ics 1

gentoo 1

nvd

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-3703

2022-08-26 16:15:09

alpinelinux

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

prion

Code injection

2021-08-02 19:15:00

Design/Logic Flaw

2022-01-24 01:15:00

Design/Logic Flaw

2022-08-26 16:15:00

ibm

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33196)

2022-04-22 15:57:16

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-33196

2021-09-14 13:37:44

Security Bulletin: Multiple Vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data

2022-04-11 19:51:55

ubuntucve

CVE-2021-33196

2021-08-02 00:00:00

CVE-2021-39293

2022-01-24 00:00:00

redhatcve

CVE-2021-33196

2021-05-28 00:47:57

CVE-2021-39293

2021-09-20 19:13:18

CVE-2021-23156

2021-08-19 07:35:03

nessus

RHEL 7 : go-toolset-1.15 and go-toolset-1.15-golang (RHSA-2021:2634)

2021-07-02 00:00:00

Siemens SCALANCE LPE9403 Allocation of Resources Without Limits or Throttling (CVE-2021-39293)

2024-01-15 00:00:00

openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:3292-1)

2021-10-07 00:00:00

osv

BIT-golang-2021-33196

2024-03-06 11:05:05

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

cve

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-3703

2022-08-26 16:15:09

cvelist

CVE-2021-33196

2021-08-02 00:00:00

CVE-2021-39293

2022-01-24 00:00:00

CVE-2021-3703

2022-08-26 15:25:40

debiancve

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-39293

2022-01-24 01:15:07

redhat

(RHSA-2021:2634) Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update

2021-07-01 12:53:07

(RHSA-2022:0655) Low: OpenShift Container Platform 4.9.23 bug fix and security update

2022-02-28 20:44:22

(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0

2021-07-13 16:30:23

veracode

Denial Of Service (DoS)

2021-06-03 21:21:46

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1660)

2022-05-09 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1646)

2022-05-09 00:00:00

Mageia: Security Advisory (MGASA-2021-0475)

2022-01-28 00:00:00

amazon

Medium: golang

2021-08-04 20:32:00

Important: golang

2022-09-15 03:57:00

mageia

Updated golang packages fix security vulnerability

2021-10-13 22:39:52

Updated golang packages fix security vulnerabilities

2021-07-25 11:34:17

rocky

go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

altlinux

Security fix for the ALT Linux 10 package golang version 1.16.5-alt1

2021-06-05 00:00:00

Security fix for the ALT Linux 9 package golang version 1.15.13-alt1

2021-06-07 00:00:00

suse

Security update for go1.15 (important)

2021-07-01 00:00:00

Security update for go1.16 (important)

2021-06-28 00:00:00

Security update for go1.15 (important)

2021-06-30 00:00:00

oraclelinux

go-toolset:ol8 security, bug fix, and enhancement update

2021-08-12 00:00:00

almalinux

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

freebsd

go -- multiple vulnerabilities

2021-05-01 00:00:00

archlinux

[ASA-202106-42] go: multiple issues

2021-06-15 00:00:00

debian

[SECURITY] [DLA 2892-1] golang-1.7 security update

2022-01-21 22:02:47

[SECURITY] [DLA 2891-1] golang-1.8 security update

2022-01-21 22:02:40

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

photon

Important Photon OS Security Update - PHSA-2021-0294

2021-09-02 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0294

2021-09-02 00:00:00

Critical Photon OS Security Update - PHSA-2022-0476

2022-03-03 00:00:00

ics

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

2022-06-16 12:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for OSV:GO-2021-0240