CVE-2021-27919

Published: 11/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

archive/zip in Go 1.16.x prior to 1.16.1 allows malicious users to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

Vulnerable Product

golang go

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic, resulting in a denial of service. The highest threat from this vulnera ...
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename ...
A security issue was found in Go before version 1.16.1. The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with “../” ...