File Descriptor Vulnerability in Go on UNIX Systems
CVE-2021-44717

4.8MEDIUM

Key Information:

Vendor: Golang
Status: Go
Vendor: CVE Published:; 1 January 2022

What is CVE-2021-44717?

A vulnerability in the Go programming language, experienced on UNIX systems, allows for unintended write operations to files or network connections. This issue arises from improper closure of file descriptor 0 due to file-descriptor exhaustion. If exploited, attackers may gain unauthorized access to sensitive files or establish connections without consent, putting systems at risk.

References

https://groups.google.com/g/golang-announce/c/hcmEScgc00k

https://lists.debian.org/debian-lts-announce/2022/01/msg0...

mailing-list

https://lists.debian.org/debian-lts-announce/2022/01/msg0...

mailing-list

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 1, 2022
Vulnerability Reserved
Dec 7, 2021

Golang

What is CVE-2021-44717?

References

CVSS V3.1

Timeline