rpm package
almalinux/delve
pkg:rpm/almalinux/delve
Vulnerabilities (70)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44717 | Med | 4.8 | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Jan 1, 2022 | Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |
| CVE-2021-44716 | Hig | 7.5 | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Jan 1, 2022 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | |
| CVE-2021-41772 | Hig | 7.5 | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Nov 8, 2021 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | |
| CVE-2021-41771 | Hig | 7.5 | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Nov 8, 2021 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | |
| CVE-2021-38297 | Cri | 9.8 | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | |
| CVE-2021-36221 | Med | 5.9 | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 8, 2021 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | |
| CVE-2021-33198 | Hig | 7.5 | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | |
| CVE-2021-33197 | Med | 5.3 | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | |
| CVE-2021-33196 | Hig | 7.5 | < 1.7.2-1.module_el8.6.0+2736+ec10aba8 | 1.7.2-1.module_el8.6.0+2736+ec10aba8 | Aug 2, 2021 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | |
| CVE-2021-33195 | Hig | 7.3 | < 1.6.0-1.module_el8.5.0+2604+960c7771 | 1.6.0-1.module_el8.5.0+2604+960c7771 | Aug 2, 2021 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. |
- affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
- affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
- affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
- affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
- affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
- affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
- affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
- affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
- affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
- affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Page 4 of 4