security/vuxml: Document lang/go vulnerability
parent 1817b81260
commit 07472321de
@ -1,3 +1,33 @@
|
||||
<vuln vid="4ea1082a-1259-11ec-b4fa-dd5a552bdd17">
|
||||
<topic>go -- archive/zip: overflow in preallocation check can cause OOM panic</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>go</name>
|
||||
<range><lt>1.17.1,1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>The Go project reports:</p>
|
||||
<blockquote cite="https://github.com/golang/go/issues/47801">
|
||||
<p>An oversight in the previous fix still allows for an OOM
|
||||
panic when the indicated directory size in the archive
|
||||
header is so large that subtracting it from the archive
|
||||
size overflows a uint64, effectively bypassing the check
|
||||
that the number of files in the archive is reasonable.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2021-39293</cvename>
|
||||
<url>https://github.com/golang/go/issues/47801</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2021-08-18</discovery>
|
||||
<entry>2021-09-10</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="145ce848-1165-11ec-ac7e-08002789875b">
|
||||
<topic>Python -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
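Review bot: The quoted text in the <blockquote> refers to "the previous fix", but nothing in the new entry identifies that fix: <references> carries only CVE-2021-39293 and the issue URL, so a reader of this entry alone cannot tell which earlier archive/zip change was incomplete. Consider adding a short sentence outside the blockquote, or an additional reference, that names the earlier advisory or its VuXML entry. It is also worth confirming that <range><lt>1.17.1,1</lt></range> is intended to match every earlier version of the go package, since the range has no lower bound and relies on the fixed version alone.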