Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-41771

Published: 8 November 2021

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

Notes

AuthorNote
alexmurray
No other packages in the Ubuntu archive appear to call File.ImportedSymbols() at all let alone on arbitrary input files so setting the priority of this CVE to low.

Priority

Low

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
golang-1.11
Launchpad, Ubuntu, Debian
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.15
Launchpad, Ubuntu, Debian
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.16
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Does not exist

kinetic Does not exist

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.17
Launchpad, Ubuntu, Debian
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Does not exist

trusty Ignored
(out of standard support)
upstream
Released (1.17.3-1)
xenial Ignored
(out of standard support)
golang-1.7
Launchpad, Ubuntu, Debian
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)
golang-1.8
Launchpad, Ubuntu, Debian
bionic Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H