CVE-2021-41772
Summary
| CVE | CVE-2021-41772 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-08 06:15:00 UTC |
| Updated | 2023-11-07 03:39:00 UTC |
| Description | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [security] Go 1.17.3 and Go 1.16.10 are released | MISC | groups.google.com | |
| [SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf | MISC | cert-portal.siemens.com | |
| November 2021 Golang Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Go: Multiple Vulnerabilities (GLSA 202208-02) — Gentoo security | GENTOO | security.gentoo.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159810 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2022-1819)
- 240276 Red Hat Update for go-toolset:rhel8 (RHSA-2022:1819)
- 282113 Fedora Security Update for golang (FEDORA-2021-2ef35beebf)
- 282114 Fedora Security Update for golang (FEDORA-2021-2b2dd1b5a7)
- 296063 Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)
- 353263 Amazon Linux Security Advisory for golang : ALAS2-2022-1776
- 353275 Amazon Linux Security Advisory for golang : ALAS-2022-1583
- 353977 Amazon Linux Security Advisory for golang : ALAS2-2022-1811
- 354401 Amazon Linux Security Advisory for golang : ALAS2022-2021-007
- 354527 Amazon Linux Security Advisory for golang : ALAS2022-2022-193
- 354566 Amazon Linux Security Advisory for golang : ALAS-2022-193
- 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
- 376057 GoLang Multiple Vulnerabilities
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 501855 Alpine Linux Security Update for go
- 502092 Alpine Linux Security Update for go
- 690227 Free Berkeley Software Distribution (FreeBSD) Security Update for go (930def19-3e05-11ec-9ba8-002324b2fba8)
- 710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
- 751425 OpenSUSE Security Update for go1.16 (openSUSE-SU-2021:3834-1)
- 751431 OpenSUSE Security Update for go1.17 (openSUSE-SU-2021:3833-1)
- 751461 OpenSUSE Security Update for go1.16 (openSUSE-SU-2021:1539-1)
- 900449 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6177)
- 901941 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6452-1)
- 907773 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6177-1)
- 907830 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6452-2)
- 940527 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2022:1819)
- 960394 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2022:1819)