rpm package
almalinux/golang-race
pkg:rpm/almalinux/golang-race
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44716 | — | < 1.16.12-1.module_el8.5.0+2604+960c7771 | 1.16.12-1.module_el8.5.0+2604+960c7771 | Jan 1, 2022 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | ||
| CVE-2021-41772 | — | < 1.17.7-1.module_el8.6.0+2736+ec10aba8 | 1.17.7-1.module_el8.6.0+2736+ec10aba8 | Nov 8, 2021 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | ||
| CVE-2021-41771 | — | < 1.17.7-1.module_el8.6.0+2736+ec10aba8 | 1.17.7-1.module_el8.6.0+2736+ec10aba8 | Nov 8, 2021 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | ||
| CVE-2021-38297 | — | < 1.17.7-1.module_el8.6.0+2736+ec10aba8 | 1.17.7-1.module_el8.6.0+2736+ec10aba8 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | ||
| CVE-2021-33196 | — | < 1.17.7-1.module_el8.6.0+2736+ec10aba8 | 1.17.7-1.module_el8.6.0+2736+ec10aba8 | Aug 2, 2021 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. |
- CVE-2021-44716Jan 1, 2022affected < 1.16.12-1.module_el8.5.0+2604+960c7771fixed 1.16.12-1.module_el8.5.0+2604+960c7771
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
- CVE-2021-41772Nov 8, 2021affected < 1.17.7-1.module_el8.6.0+2736+ec10aba8fixed 1.17.7-1.module_el8.6.0+2736+ec10aba8
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
- CVE-2021-41771Nov 8, 2021affected < 1.17.7-1.module_el8.6.0+2736+ec10aba8fixed 1.17.7-1.module_el8.6.0+2736+ec10aba8
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
- CVE-2021-38297Oct 18, 2021affected < 1.17.7-1.module_el8.6.0+2736+ec10aba8fixed 1.17.7-1.module_el8.6.0+2736+ec10aba8
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
- CVE-2021-33196Aug 2, 2021affected < 1.17.7-1.module_el8.6.0+2736+ec10aba8fixed 1.17.7-1.module_el8.6.0+2736+ec10aba8
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
Page 3 of 3