Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-33196

Published: 02/08/2021 Updated: 20/04/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Go

Vulnerability Summary

In archive/zip in Go prior to 1.15.13 and 1.16.x prior to 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

golang go

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: golang-1.16: CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion
Debian Bug report logs - #989492 golang-116: CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion Package: src:golang-116; Maintainer for src:golang-116 is Go Compiler Team <team+go-compiler@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 5 Jun 2 ...
Amazon Linux 2: ALAS2-2021-1694
A vulnerability was found in archive/zip of the Go standard library Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files (CVE-2021-33196) A flaw was found in golang A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, ...
Red Hat: CVE-2021-33196
No description is available for this CVE ...
Arch Linux Issues:
A security issue has been found in Go Due to a pre-allocation optimization in zipNewReader, a malformed archive which indicates it has a significant number of files can cause either a panic or memory exhaustion ...
Amazon Linux 2022: ALAS2022-2022-009
A vulnerability was found in archive/zip of the Go standard library Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files (CVE-2021-33196) There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function An attacker who submits specially crafted ...

ICS Advisories

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

References

CWE-20https://groups.google.com/g/golang-announce/c/RgCMkAEQjSIhttps://groups.google.com/g/golang-announcehttps://lists.debian.org/debian-lts-announce/2022/01/msg00017.htmlhttps://lists.debian.org/debian-lts-announce/2022/01/msg00016.htmlhttps://security.gentoo.org/glsa/202208-02https://lists.debian.org/debian-lts-announce/2023/04/msg00021.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989492https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-167-09https://alas.aws.amazon.com/AL2/ALAS-2021-1694.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook