Published: 24/01/2022 Updated: 20/04/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In archive/zip in Go prior to 1.16.8 and 1.17.x prior to 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.

Vulnerable Product	Search on Vulmon	Subscribe to Product
golang go
netapp cloud insights telegraf -

Synopsis Low: OpenShift Container Platform 4923 bug fix and security update Type/Severity Security Advisory: Low Topic Red Hat OpenShift Container Platform release 4923 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Plat ...

Synopsis Moderate: Release of OpenShift Serverless Client kn 1200 Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Release of OpenShift Serverless Client kn 1200Red Hat Product Security has rated this update as having a ...

Synopsis Moderate: Migration Toolkit for Containers (MTC) 165 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 165 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Moderate: Release of OpenShift Serverless 1200 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1200Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...

A null pointer dereference vulnerability was found in golang When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic resulting in a denial of service The highest threat from this vulnera ...

A validation flaw was found in golang When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments The highest threat from this vulnerability is to integrity (CVE-2021-38297) A vulnerability was found in archive/zip of the G ...

A security issue has been found in go before version 1171 An oversight in the fix for CVE-2021-33196 still allows for an out of memory panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is r ...

CWE-770 https://groups.google.com/g/golang-announce/c/dx9d7IOseHw https://security.netapp.com/advisory/ntap-20220217-0009/https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2022:0655 https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-09 https://alas.aws.amazon.com/AL2/ALAS-2022-1830.html

CVE-2021-39293

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect