CVE-2021-41771

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.16.10
golanggo
1.17.0 ≤
𝑥
< 1.17.3
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
1.15.15-1~deb11u4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-1.11
trusty
ignored
xenial
ignored
golang-1.15
hirsute
ignored
impish
ignored
trusty
ignored
xenial
ignored
golang-1.16
bionic
needs-triage
focal
needs-triage
hirsute
ignored
impish
ignored
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
ignored
xenial
ignored
golang-1.17
impish
ignored
jammy
needs-triage
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
ignored
xenial
ignored
golang-1.7
trusty
ignored
xenial
ignored
golang-1.8
bionic
needs-triage
trusty
ignored
xenial
ignored
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
golang
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-bin
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-docs
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-misc
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-race
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-shared
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-src
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-tests
Amazon Linux 1
0:1.16.15-1.37.amzn1
fixed
Amazon Linux 2
0:1.16.15-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
golang
CBL-Mariner 1.0
0:1.16.10-1.cm1
fixed
CBL-Mariner 2.0
0:1.17.8-1.cm2
fixed
python-tensorboard
Azure Linux 3.0
0:2.16.2-2.azl3
fixed