CVE search results

61 – 65 of 65 results

Detailed view

Sort by:

CVE-2021-39293

Medium priority

Needs evaluation

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete...

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.15	—	—	Not in release	Not in release	Ignored
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Not affected	Not in release	Not in release	Ignored
golang-1.7	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Ignored

CVE-2021-44717

Medium priority

Vulnerable

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

5 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.15	—	—	Not in release	Not in release	Ignored
golang-1.17	Not in release	Vulnerable	Not in release	Not in release	Ignored
golang-1.7	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.8	Not in release	Not in release	Not in release	Vulnerable	Ignored

CVE-2021-44716

Medium priority

Some fixes available 5 of 21

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.15	—	—	Not in release	Not in release	Ignored
golang-1.17	Not in release	Vulnerable	Not in release	Not in release	Ignored
golang-1.7	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.8	Not in release	Not in release	Not in release	Vulnerable	Ignored
golang-golang-x-net	Not affected	Not affected	Not in release	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable	Needs evaluation
google-guest-agent	Fixed	Fixed	Fixed	Vulnerable	Vulnerable

CVE-2021-41772

Medium priority

Needs evaluation

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	—	—	—	—	Ignored
golang-1.15	—	—	—	—	Ignored
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.7	—	—	—	—	Ignored
golang-1.8	—	—	—	Needs evaluation	Ignored

CVE-2021-41771

Low priority

Needs evaluation

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-1.11	—	—	—	—	Ignored
golang-1.15	—	—	—	—	Ignored
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Ignored
golang-1.17	Not in release	Needs evaluation	—	—	Ignored
golang-1.7	—	—	—	—	Ignored
golang-1.8	—	—	—	Needs evaluation	Ignored

Export to JSON

Results by page:

Search CVE reports