The NewReader and OpenReader functions in archive/zip can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. This is caused by an incomplete fix for CVE-2021-33196.

CPENameOperatorVersion
stdliblt1.17.1
stdlibge1.17.0-0
stdliblt1.16.8

Name	Operator	Version
stdlib	lt	1.17.1
stdlib	ge	1.17.0-0
stdlib	lt	1.16.8

References

go.dev/cl/343434

go.dev/issue/47801

go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b

groups.google.com/g/golang-announce/c/dx9d7IOseHw

nessus 47

openvas 22

ubuntucve 2

osv 11

prion 3

alpinelinux 2

nvd 3

debiancve 2

redhat 19

redhatcve 4

cvelist 3

cve 3

mageia 2

suse 5

veracode 2

cnvd 1

freebsd 2

altlinux 3

ibm 17

debian 3

amazon 5

almalinux 2

rocky 2

ics 1

oraclelinux 2

archlinux 1

photon 4

gentoo 1

nessus

openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:3292-1)

2021-10-07 00:00:00

Siemens SCALANCE LPE9403 Allocation of Resources Without Limits or Throttling (CVE-2021-39293)

2024-01-15 00:00:00

SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:3292-1)

2021-10-07 00:00:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1660)

2022-05-09 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1646)

2022-05-09 00:00:00

Mageia: Security Advisory (MGASA-2021-0475)

2022-01-28 00:00:00

ubuntucve

CVE-2021-39293

2022-01-24 00:00:00

CVE-2021-33196

2021-08-02 00:00:00

osv

CVE-2021-39293

2022-01-24 01:15:07

BIT-golang-2021-39293

2024-03-06 11:04:03

Panic when reading certain archives in archive/zip

2022-02-17 17:33:25

prion

Design/Logic Flaw

2022-01-24 01:15:00

Code injection

2021-08-02 19:15:00

Design/Logic Flaw

2022-08-26 16:15:00

alpinelinux

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-33196

2021-08-02 19:15:08

nvd

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-3703

2022-08-26 16:15:09

debiancve

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-33196

2021-08-02 19:15:08

redhat

(RHSA-2022:0655) Low: OpenShift Container Platform 4.9.23 bug fix and security update

2022-02-28 20:44:22

(RHSA-2022:0432) Moderate: Release of OpenShift Serverless Client kn 1.20.0

2022-02-03 15:51:33

(RHSA-2021:2634) Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update

2021-07-01 12:53:07

redhatcve

CVE-2021-39293

2021-09-20 19:13:18

CVE-2021-33196

2021-05-28 00:47:57

CVE-2021-23156

2021-08-19 07:35:03

cvelist

CVE-2021-39293

2022-01-24 00:00:00

CVE-2021-33196

2021-08-02 00:00:00

CVE-2021-3703

2022-08-26 15:25:40

cve

CVE-2021-39293

2022-01-24 01:15:07

CVE-2021-33196

2021-08-02 19:15:08

CVE-2021-3703

2022-08-26 16:15:09

mageia

Updated golang packages fix security vulnerability

2021-10-13 22:39:52

Updated golang packages fix security vulnerabilities

2021-07-25 11:34:17

suse

Security update for go1.16 (important)

2021-10-11 00:00:00

Security update for go1.16 (important)

2021-10-06 00:00:00

Security update for go1.15 (important)

2021-07-01 00:00:00

veracode

Denial Of Service

2021-08-25 07:36:50

Denial Of Service (DoS)

2021-06-03 21:21:46

cnvd

Google Go Denial of Service Vulnerability (CNVD-2022-55062)

2022-04-01 00:00:00

freebsd

go -- archive/zip: overflow in preallocation check can cause OOM panic

2021-08-18 00:00:00

go -- multiple vulnerabilities

2021-05-01 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.1-alt1

2021-09-13 00:00:00

Security fix for the ALT Linux 9 package golang version 1.15.13-alt1

2021-06-07 00:00:00

Security fix for the ALT Linux 10 package golang version 1.16.5-alt1

2021-06-05 00:00:00

ibm

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33196)

2022-04-22 15:57:16

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-39293

2022-05-26 14:15:01

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-33196

2021-09-14 13:37:44

debian

[SECURITY] [DLA 2892-1] golang-1.7 security update

2022-01-21 22:02:47

[SECURITY] [DLA 2891-1] golang-1.8 security update

2022-01-21 22:02:40

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

amazon

Medium: golang

2021-08-04 20:32:00

Important: golang

2022-07-06 03:11:00

Important: golang

2022-04-25 03:47:00

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

rocky

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

ics

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

2022-06-16 12:00:00

oraclelinux

go-toolset:ol8 security, bug fix, and enhancement update

2021-08-12 00:00:00

go-toolset:ol8 security and bug fix update

2022-05-17 00:00:00

archlinux

[ASA-202106-42] go: multiple issues

2021-06-15 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0294

2021-09-02 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0294

2021-09-02 00:00:00

Critical Photon OS Security Update - PHSA-2022-0476

2022-03-03 00:00:00

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for OSV:GO-2022-0273