Your submission was sent successfully! Close

CVE-2021-41771

Published: 8 November 2021

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

Notes

AuthorNote
amurray
No other packages in the Ubuntu archive appear to call File.ImportedSymbols() at all let alone on arbitrary input files so setting the priority of this CVE to low.
Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
golang-1.11
Launchpad, Ubuntu, Debian
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.15
Launchpad, Ubuntu, Debian
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.16
Launchpad, Ubuntu, Debian
focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Does not exist

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.17
Launchpad, Ubuntu, Debian
impish Ignored
(reached end-of-life)
jammy Needs triage

trusty Ignored
(out of standard support)
upstream
Released (1.17.3-1)
xenial Ignored
(out of standard support)
golang-1.7
Launchpad, Ubuntu, Debian
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.8
Launchpad, Ubuntu, Debian
bionic Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)