Open Source Language Vulnerability in Go by Google
CVE-2021-41771

7.5 HIGH

Key Information:

Vendor: Golang

Status
Vendor
CVE Published: 8 November 2021

What is CVE-2021-41771?

The vulnerability is in the ImportedSymbols function of Go's debug/macho package, which can access a memory location beyond the end of the allocated buffer. Carefully crafted inputs can trigger the flaw, which could potentially lead to unauthorized access or data corruption. Affected versions are Go prior to 1.16.10 and 1.17.x before 1.17.3. Users and administrators of Go should update to 1.16.10, 1.17.3 or later to mitigate these risks.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
