CVE-2021-39293
24.01.2022, 01:15
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.Enginsight
| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 < 1.16.8 |
| golang | go | 1.17.0 ≤ 𝑥 < 1.17.1 |
| netapp | cloud_insights_telegraf | - |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| golang-1.11 |
| ||||||||||||||||||||||
| golang-1.15 |
| ||||||||||||||||||||||
| golang-1.16 |
| ||||||||||||||||||||||
| golang-1.17 |
| ||||||||||||||||||||||
| golang-1.7 |
| ||||||||||||||||||||||
| golang-1.8 |
|
References