Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf | |
https://groups.google.com/g/golang-announce/c/hcmEScgc00k | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html | |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-404 |
20 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Oct 2022, 13:27
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Feb 2022, 15:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html - Mailing List, Third Party Advisory |
22 Jan 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Jan 2022, 19:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 4.8 |
12 Jan 2022, 18:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:* cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* |
|
CWE | CWE-668 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (CONFIRM) https://groups.google.com/g/golang-announce/c/hcmEScgc00k - Patch, Vendor Advisory |
01 Jan 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-01 05:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-44717
Mitre link : CVE-2021-44717
CVE.ORG link : CVE-2021-44717
JSON object : View
Products Affected
golang
- go
debian
- debian_linux
opengroup
- unix
CWE
CWE-404
Improper Resource Shutdown or Release