rpm package
almalinux/delve
pkg:rpm/almalinux/delve
Vulnerabilities (67)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41771 | — | | | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Nov 8, 2021 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. |
| CVE-2021-38297 | — | | | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
| CVE-2021-36221 | — | | | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 8, 2021 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. |
| CVE-2021-33198 | — | | | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. |
| CVE-2021-33197 | — | | | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. |
| CVE-2021-33195 | — | | | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 2, 2021 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. |
| CVE-2021-33196 | — | | | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Aug 2, 2021 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. |