Zip Archive Handling Vulnerability in Go Programming Language
CVE-2021-41772

7.5HIGH

Key Information:

Vendor: Golang
Status: Go
Vendor: CVE Published:; 8 November 2021

What is CVE-2021-41772?

A vulnerability in Go's Zip handling allows for panic during the reading of crafted ZIP archives, specifically those containing invalid names or empty filename fields. This behavior can lead to unexpected application crashes and impact system stability. It is crucial to update to the latest versions to mitigate this risk and ensure safe handling of file archives.

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://www.oracle.com/security-alerts/cpujul2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Sep 28, 2021

Golang

What is CVE-2021-41772?

References

CVSS V3.1

Timeline