Unrated severityNVD Advisory· Published Mar 11, 2021· Updated Aug 3, 2024

CVE-2021-27919

Description

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

Affected products

Go/Godescription
osv-coords3 versions
pkg:bitnami/golang pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweed pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
>= 1.16.0, < 1.16.1+ 2 more
- (no CPE)range: >= 1.16.0, < 1.16.1
- (no CPE)range: < 1.16.8-1.1
- (no CPE)range: < 1.16.2-1.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MU47VKTNXX33ZDLTI2ORRUY3KLJKU6G/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM7U5JNS5WU66Q3S26PFIU2ITB2ATTQ4/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202208-02mitrevendor-advisoryx_refsource_GENTOO
groups.google.com/g/golang-announce/c/MfiLYjG-RAwmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000