Search CVE reports
61 – 62 of 62 results
CVE-2021-41772
Medium priorityGo before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.11 | — | — | — | — | Ignored |
golang-1.15 | — | — | — | — | Ignored |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Needs evaluation | — | — | Ignored |
golang-1.7 | — | — | — | — | Ignored |
golang-1.8 | — | — | — | Needs evaluation | Ignored |
CVE-2021-41771
Low priorityImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.11 | — | — | — | — | Ignored |
golang-1.15 | — | — | — | — | Ignored |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-1.17 | Not in release | Needs evaluation | — | — | Ignored |
golang-1.7 | — | — | — | — | Ignored |
golang-1.8 | — | — | — | Needs evaluation | Ignored |