CVE Vulnerabilities

CVE-2021-27919

Published: Mar 11, 2021 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.5 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

Affected Software

Name Vendor Start Version End Version
Go Golang 1.16.0 (including) 1.16.1 (excluding)
Golang Ubuntu trusty *
Golang-1.10 Ubuntu bionic *
Golang-1.10 Ubuntu trusty *
Golang-1.10 Ubuntu xenial *
Golang-1.13 Ubuntu bionic *
Golang-1.13 Ubuntu groovy *
Golang-1.13 Ubuntu hirsute *
Golang-1.13 Ubuntu impish *
Golang-1.13 Ubuntu kinetic *
Golang-1.13 Ubuntu xenial *
Golang-1.14 Ubuntu groovy *
Golang-1.14 Ubuntu hirsute *
Golang-1.15 Ubuntu groovy *
Golang-1.15 Ubuntu hirsute *
Golang-1.15 Ubuntu impish *
Golang-1.6 Ubuntu trusty *
Golang-1.6 Ubuntu xenial *
Golang-1.8 Ubuntu bionic *
Golang-1.9 Ubuntu bionic *

References