net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

CPENameOperatorVersion
fedoraeq34
goge1.16.0
golt1.16.4
golt1.15.12

Name	Operator	Version
fedora	eq	34
go	ge	1.16.0
go	lt	1.16.4
go	lt	1.15.12

References

github.com/golang/go/issues/45710

groups.google.com/g/golang-announce/c/cu9SP4eSXMc

lists.fedoraproject.org/archives/list/[email protected]/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/

security.gentoo.org/glsa/202208-02

nessus 27

osv 5

openvas 10

cvelist 2

ibm 27

nvd 2

alpinelinux 1

fedora 2

suse 1

f5 1

veracode 1

ubuntucve 1

freebsd 1

altlinux 2

cve 2

cgr 1

debiancve 1

amazon 2

gitlab 2

cbl_mariner 1

redhatcve 3

photon 5

github 1

wolfi 1

redhat 20

rocky 1

prion 1

oraclelinux 1

almalinux 1

mageia 1

gentoo 1

nessus

SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:2085-1)

2021-06-21 00:00:00

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-2462)

2021-09-24 00:00:00

Amazon Linux AMI : golang (ALAS-2021-1512)

2021-07-13 00:00:00

osv

CVE-2021-31525

2021-05-27 13:15:08

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

2022-05-24 19:03:29

BIT-golang-2021-31525

2024-03-06 11:05:35

openvas

SUSE: Security Advisory (SUSE-SU-2021:2085-1)

2021-06-20 00:00:00

Fedora: Security Advisory for golang (FEDORA-2021-a50122f73b)

2021-05-20 00:00:00

openSUSE: Security Advisory for go1.15 (openSUSE-SU-2021:0904-1)

2021-06-24 00:00:00

cvelist

CVE-2021-31525

2021-05-27 12:17:11

CVE-2021-3703

2022-08-26 15:25:40

ibm

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525

2021-10-08 15:27:53

Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed services

2021-07-26 16:55:31

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-31525)

2022-04-22 13:59:38

nvd

CVE-2021-31525

2021-05-27 13:15:08

CVE-2021-3703

2022-08-26 16:15:09

alpinelinux

CVE-2021-31525

2021-05-27 13:15:08

fedora

[SECURITY] Fedora 33 Update: golang-1.15.12-1.fc33

2021-05-19 01:31:16

[SECURITY] Fedora 34 Update: golang-1.16.4-1.fc34

2021-06-22 01:01:50

suse

Security update for go1.15 (moderate)

2021-06-24 00:00:00

K55518036 : GO vulnerability CVE-2021-31525

2021-11-03 00:00:00

veracode

Stack Overflow

2021-05-09 02:20:52

ubuntucve

CVE-2021-31525

2021-05-27 00:00:00

freebsd

go -- net/http: ReadRequest can stack overflow due to recursion with very large headers

2021-04-22 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.16.4-alt1

2021-05-06 00:00:00

Security fix for the ALT Linux 9 package golang version 1.15.12-alt1

2021-05-11 00:00:00

cve

CVE-2021-31525

2021-05-27 13:15:08

CVE-2021-3703

2022-08-26 16:15:09

cgr

CVE-2021-31525 vulnerabilities

2024-05-19 03:07:16

debiancve

CVE-2021-31525

2021-05-27 13:15:08

amazon

Medium: golang

2021-06-16 20:37:00

Medium: golang

2021-07-08 18:38:00

gitlab

Uncontrolled Recursion

2022-05-24 00:00:00

Uncontrolled Recursion

2022-05-24 00:00:00

cbl_mariner

CVE-2021-31525 affecting package golang 1.15.11-1

2021-07-08 21:56:48

redhatcve

CVE-2021-31525

2021-05-11 20:55:42

CVE-2021-23161

2021-08-19 07:33:56

CVE-2021-3703

2021-09-13 23:23:31

photon

Moderate Photon OS Security Update - PHSA-2021-0276

2021-07-29 00:00:00

Important Photon OS Security Update - PHSA-2021-0046

2021-06-15 00:00:00

Moderate Photon OS Security Update - PHSA-2021-3.0-0276

2021-07-29 00:00:00

github

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

2022-05-24 19:03:29

wolfi

CVE-2021-31525 vulnerabilities

2024-06-29 09:08:33

redhat

(RHSA-2022:0308) Moderate: OpenShift Container Storage 3.11.z security and bug fix update

2022-01-27 13:03:28

(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0

2021-07-13 16:30:23

(RHSA-2021:5072) Moderate: Red Hat OpenStack Platform 16.1 (etcd) security update

2021-12-09 19:50:44

rocky

go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

prion

Design/Logic Flaw

2022-08-26 16:15:00

oraclelinux

go-toolset:ol8 security, bug fix, and enhancement update

2021-08-12 00:00:00

almalinux

Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

2021-08-10 12:00:58

mageia

Updated golang packages fix security vulnerabilities

2021-07-25 11:34:17

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for PRION:CVE-2021-31525