Unrated severityNVD Advisory· Published Nov 8, 2021· Updated Aug 4, 2024
CVE-2021-41772
CVE-2021-41772
Description
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Affected products
20- Go/Godescription
- osv-coords19 versionspkg:bitnami/golangpkg:rpm/almalinux/delvepkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
< 1.16.10+ 18 more
- (no CPE)range: < 1.16.10
- (no CPE)range: < 1.7.2-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.16.10-lp152.17.1
- (no CPE)range: < 1.16.10-1.32.1
- (no CPE)range: < 1.16.10-1.1
- (no CPE)range: < 1.17.3-1.9.1
- (no CPE)range: < 1.17.3-1.1
- (no CPE)range: < 1.16.10-1.32.1
- (no CPE)range: < 1.16.10-1.32.1
- (no CPE)range: < 1.17.3-1.9.1
- (no CPE)range: < 1.17.3-1.9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/mitrevendor-advisory
- security.gentoo.org/glsa/202208-02mitrevendor-advisory
- cert-portal.siemens.com/productcert/pdf/ssa-744259.pdfmitre
- groups.google.com/g/golang-announce/c/0fM21h43arcmitre
- security.netapp.com/advisory/ntap-20211210-0003/mitre
- www.oracle.com/security-alerts/cpujul2022.htmlmitre
News mentions
0No linked articles in our index yet.