CVE-2021-41772

Published: 8 November 2021

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package / Release / Status

golang-1.11 (Launchpad, Ubuntu, Debian)
trusty: Ignored (out of standard support)
upstream: Needs triage
xenial: Ignored (out of standard support)

golang-1.15 (Launchpad, Ubuntu, Debian)
hirsute: Ignored (reached end-of-life)
impish: Ignored (reached end-of-life)
trusty: Ignored (out of standard support)
upstream: Needs triage
xenial: Ignored (out of standard support)

golang-1.16 (Launchpad, Ubuntu, Debian)
focal: Needs triage
hirsute: Ignored (reached end-of-life)
impish: Ignored (reached end-of-life)
jammy: Does not exist
trusty: Ignored (out of standard support)
upstream: Needs triage
xenial: Ignored (out of standard support)

golang-1.17 (Launchpad, Ubuntu, Debian)
impish: Ignored (reached end-of-life)
jammy: Needs triage
trusty: Ignored (out of standard support)
upstream: Released (1.17.3-1)
xenial: Ignored (out of standard support)

golang-1.7 (Launchpad, Ubuntu, Debian)
trusty: Ignored (out of standard support)
upstream: Needs triage
xenial: Ignored (out of standard support)

golang-1.8 (Launchpad, Ubuntu, Debian)
bionic: Needs triage
trusty: Ignored (out of standard support)
upstream: Needs triage
xenial: Ignored (out of standard support)