Lucene search
Veracode Vulnerability DatabaseVERACODE:32833HistoryNov 06, 2021 - 1:20 p.m.
Improper Error Handling
2021-11-0613:20:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
improper error handling
open panic
malicious zip archive
EPSS
0.003
Percentile
70.9%
go has improper error handling. An attacker is able to cause an open panic via a maliciously crafted ZIP archive containing an invalid name or an empty filename field.
References
groups.google.com/g/golang-announce/c/0fM21h43arc
lists.fedoraproject.org/archives/list/[email protected]/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/
lists.fedoraproject.org/archives/list/[email protected]/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.14/community.yaml
security.gentoo.org/glsa/202208-02
security.netapp.com/advisory/ntap-20211210-0003/
www.oracle.com/security-alerts/cpujul2022.html
Related
cbl_mariner
cbl_mariner
CVE-2021-41772 affecting package golang for versions less than 1.17.8-1
2022-04-26 19:57:46
CVE-2021-41772 affecting package golang 1.16.9-1
2021-12-17 20:09:37
osv
osv
BIT-golang-2021-41772
2024-03-06 11:03:41
CVE-2021-41772
2021-11-08 06:15:00
Panic when opening certain archives in archive/zip
2022-01-13 20:54:43
redhatcve
redhatcve
CVE-2021-41772
2021-11-05 18:24:26
ubuntucve
ubuntucve
CVE-2021-41772
2021-11-08 00:00:00
ibm
ibm
cve
cve
CVE-2021-41772
2021-11-08 06:15:08
alpinelinux
alpinelinux
CVE-2021-41772
2021-11-08 06:15:08
nessus
nessus
CBL Mariner 2.0 Security Update: golang (CVE-2021-41772)
2023-03-20 00:00:00
openSUSE 15 Security Update : go1.17 (openSUSE-SU-2021:3833-1)
2021-12-02 00:00:00
SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:3834-1)
2021-12-02 00:00:00
prion
prion
Code injection
2021-11-08 06:15:00
debiancve
debiancve
CVE-2021-41772
2021-11-08 06:15:08
cvelist
cvelist
CVE-2021-41772
2021-11-08 00:00:00
nvd
nvd
CVE-2021-41772
2021-11-08 06:15:08
freebsd
freebsd
go -- multiple vulnerabilities
2021-11-04 00:00:00
suse
suse
Security update for go1.16 (moderate)
2021-12-06 00:00:00
Security update for go1.16 (moderate)
2021-12-01 00:00:00
Security update for go1.17 (moderate)
2021-12-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.17 (openSUSE-SU-2021:3833-1)
2021-12-02 00:00:00
openSUSE: Security Advisory for go1.16 (openSUSE-SU-2021:3834-1)
2021-12-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3834-1)
2021-12-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.3-alt1
2021-11-04 00:00:00
redhat
redhat
mageia
mageia
Updated golang packages fix security vulnerability
2021-12-03 21:45:31
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0334
2021-11-21 00:00:00
Critical Photon OS Security Update - PHSA-2021-0130
2021-11-29 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0130
2021-11-28 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35
2021-12-16 01:18:21
[SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34
2021-12-16 01:14:10
amazon
amazon
Important: golang
2022-04-25 15:59:00
Important: golang
2022-07-06 03:11:00
Important: golang
2022-04-25 03:47:00
oraclelinux
oraclelinux
go-toolset:ol8 security and bug fix update
2022-05-17 00:00:00
rocky
rocky
go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
ics
ics
Siemens Brownfield Connectivity Gateway
2023-02-16 12:00:00
almalinux
almalinux
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
gentoo
gentoo
Go: Multiple Vulnerabilities
2022-08-04 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00