rpm package
suse/go1.15&distro=SUSE Linux Enterprise Module for Development Tools 15 SP3
pkg:rpm/suse/go1.15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-36221 | — | < 1.15.15-1.39.1 | 1.15.15-1.39.1 | Aug 8, 2021 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | ||
| CVE-2021-33198 | — | < 1.15.13-1.33.1 | 1.15.13-1.33.1 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | ||
| CVE-2021-33197 | — | < 1.15.13-1.33.1 | 1.15.13-1.33.1 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | ||
| CVE-2021-33195 | — | < 1.15.13-1.33.1 | 1.15.13-1.33.1 | Aug 2, 2021 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | ||
| CVE-2021-33196 | — | < 1.15.13-1.33.1 | 1.15.13-1.33.1 | Aug 2, 2021 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | ||
| CVE-2021-34558 | — | < 1.15.14-1.36.1 | 1.15.14-1.36.1 | Jul 15, 2021 | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | ||
| CVE-2021-31525 | — | < 1.15.12-1.30.1 | 1.15.12-1.30.1 | May 27, 2021 | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. |
- CVE-2021-36221Aug 8, 2021affected < 1.15.15-1.39.1fixed 1.15.15-1.39.1
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
- CVE-2021-33198Aug 2, 2021affected < 1.15.13-1.33.1fixed 1.15.13-1.33.1
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
- CVE-2021-33197Aug 2, 2021affected < 1.15.13-1.33.1fixed 1.15.13-1.33.1
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
- CVE-2021-33195Aug 2, 2021affected < 1.15.13-1.33.1fixed 1.15.13-1.33.1
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
- CVE-2021-33196Aug 2, 2021affected < 1.15.13-1.33.1fixed 1.15.13-1.33.1
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
- CVE-2021-34558Jul 15, 2021affected < 1.15.14-1.36.1fixed 1.15.14-1.36.1
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
- CVE-2021-31525May 27, 2021affected < 1.15.12-1.30.1fixed 1.15.12-1.30.1
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.