In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf | |
https://groups.google.com/g/golang-announce/c/dx9d7IOseHw | Issue Tracking Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html | |
https://security.netapp.com/advisory/ntap-20220217-0009/ | Third Party Advisory |
Configurations
History
20 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 21:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220217-0009/ - Third Party Advisory |
17 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jan 2022, 13:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
CWE | CWE-770 | |
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/dx9d7IOseHw - Issue Tracking, Release Notes, Third Party Advisory |
24 Jan 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-24 01:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-39293
Mitre link : CVE-2021-39293
CVE.ORG link : CVE-2021-39293
JSON object : View
Products Affected
netapp
- cloud_insights_telegraf
golang
- go
CWE
CWE-770
Allocation of Resources Without Limits or Throttling