Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

61 – 63 of 63 results


CVE-2021-44716

Medium priority

Some fixes available 5 of 21

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.17 Not in release Vulnerable Not in release Not in release Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Vulnerable Ignored
golang-golang-x-net Not affected Not affected Not in release Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable Needs evaluation
google-guest-agent Fixed Fixed Fixed Vulnerable Vulnerable
Show all 8 packages Show less packages

CVE-2021-41772

Medium priority
Needs evaluation

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Ignored
golang-1.15 Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Needs evaluation Ignored
golang-1.7 Ignored
golang-1.8 Needs evaluation Ignored
Show less packages

CVE-2021-41771

Low priority
Needs evaluation

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Ignored
golang-1.15 Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Needs evaluation Ignored
golang-1.7 Ignored
golang-1.8 Needs evaluation Ignored
Show less packages