In archive/zip in Go prior to 1.16.8 and 1.17.x prior to 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
golang go |
||
netapp cloud insights telegraf - |