Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

CPENameOperatorVersion
fedoraeq34
fedoraeq35
golt1.16.10
goge1.17.0
golt1.17.3

Name	Operator	Version
fedora	eq	34
fedora	eq	35
go	lt	1.16.10
go	ge	1.17.0
go	lt	1.17.3

References

cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf

groups.google.com/g/golang-announce/c/0fM21h43arc

lists.fedoraproject.org/archives/list/[email protected]/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/

lists.fedoraproject.org/archives/list/[email protected]/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/

security.gentoo.org/glsa/202208-02

security.netapp.com/advisory/ntap-20211210-0003/

www.oracle.com/security-alerts/cpujul2022.html

cbl_mariner 2

veracode 1

osv 5

nessus 22

alpinelinux 1

redhatcve 1

ibm 12

cve 1

ubuntucve 1

cvelist 1

debiancve 1

nvd 1

freebsd 1

suse 3

openvas 8

redhat 8

altlinux 1

mageia 1

photon 5

fedora 2

oraclelinux 1

amazon 3

ics 1

rocky 1

almalinux 1

gentoo 1

oracle 1

cbl_mariner

CVE-2021-41772 affecting package golang 1.16.9-1

2021-12-17 20:09:37

CVE-2021-41772 affecting package golang for versions less than 1.17.8-1

2022-04-26 19:57:46

veracode

Improper Error Handling

2021-11-06 13:20:21

osv

Panic when opening certain archives in archive/zip

2022-01-13 20:54:43

BIT-golang-2021-41772

2024-03-06 11:03:41

CVE-2021-41772

2021-11-08 06:15:00

nessus

CBL Mariner 2.0 Security Update: golang (CVE-2021-41772)

2023-03-20 00:00:00

openSUSE 15 Security Update : go1.17 (openSUSE-SU-2021:3833-1)

2021-12-02 00:00:00

SUSE SLED15 / SLES15 Security Update : go1.17 (SUSE-SU-2021:3833-1)

2021-12-02 00:00:00

alpinelinux

CVE-2021-41772

2021-11-08 06:15:08

redhatcve

CVE-2021-41772

2021-11-05 18:24:26

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-41772

2022-01-06 11:20:31

Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities CVE-2021-41771 and CVE-2021-41772

2022-01-13 15:43:13

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go (CVE CVE-2021-41771 & CVE-2021-41772)

2022-02-08 13:12:19

cve

CVE-2021-41772

2021-11-08 06:15:08

ubuntucve

CVE-2021-41772

2021-11-08 00:00:00

cvelist

CVE-2021-41772

2021-11-08 00:00:00

debiancve

CVE-2021-41772

2021-11-08 06:15:08

nvd

CVE-2021-41772

2021-11-08 06:15:08

freebsd

go -- multiple vulnerabilities

2021-11-04 00:00:00

suse

Security update for go1.16 (moderate)

2021-12-06 00:00:00

Security update for go1.17 (moderate)

2021-12-01 00:00:00

Security update for go1.16 (moderate)

2021-12-01 00:00:00

openvas

openSUSE: Security Advisory for go1.17 (openSUSE-SU-2021:3833-1)

2021-12-02 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3834-1)

2021-12-02 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3833-1)

2021-12-02 00:00:00

redhat

(RHSA-2022:1745) Low: Release of OpenShift Serverless Client kn 1.22.0

2022-05-09 07:42:21

(RHSA-2021:5176) Important: go-toolset-1.16 and go-toolset-1.16-golang security and bug fix update

2021-12-16 10:37:14

(RHSA-2022:0055) Moderate: OpenShift Container Platform 4.10.3 bug fix and security update

2022-03-10 12:43:45

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.3-alt1

2021-11-04 00:00:00

mageia

Updated golang packages fix security vulnerability

2021-12-03 21:45:31

photon

Important Photon OS Security Update - PHSA-2021-3.0-0334

2021-11-21 00:00:00

Critical Photon OS Security Update - PHSA-2021-0130

2021-11-29 00:00:00

Critical Photon OS Security Update - PHSA-2021-4.0-0130

2021-11-28 00:00:00

fedora

[SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35

2021-12-16 01:18:21

[SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34

2021-12-16 01:14:10

oraclelinux

go-toolset:ol8 security and bug fix update

2022-05-17 00:00:00

amazon

Important: golang

2022-04-25 15:59:00

Important: golang

2022-07-06 03:11:00

Important: golang

2022-04-25 03:47:00

ics

Siemens Brownfield Connectivity Gateway

2023-02-16 12:00:00

rocky

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for PRION:CVE-2021-41772