VYPR

rpm package

almalinux/delve

pkg:rpm/almalinux/delve

Vulnerabilities (70)

  • CVE-2021-44717MedJan 1, 2022
    affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771

    Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

  • CVE-2021-44716HigJan 1, 2022
    affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771

    net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

  • CVE-2021-41772HigNov 8, 2021
    affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8

    Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

  • CVE-2021-41771HigNov 8, 2021
    affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8

    ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

  • CVE-2021-38297CriOct 18, 2021
    affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8

    Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

  • CVE-2021-36221MedAug 8, 2021
    affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771

    Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

  • CVE-2021-33198HigAug 2, 2021
    affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771

    In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

  • CVE-2021-33197MedAug 2, 2021
    affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771

    In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

  • CVE-2021-33196HigAug 2, 2021
    affected < 1.7.2-1.module_el8.6.0+2736+ec10aba8fixed 1.7.2-1.module_el8.6.0+2736+ec10aba8

    In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

  • CVE-2021-33195HigAug 2, 2021
    affected < 1.6.0-1.module_el8.5.0+2604+960c7771fixed 1.6.0-1.module_el8.5.0+2604+960c7771

    Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

Page 4 of 4