Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian LTS: Security Advisory for golang-1.8 (DLA-2891-1)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Summary

The remote host is missing an update for the 'golang-1.8' package(s) announced via the DLA-2891-1 advisory.

Insight

Insight

Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) and information leak. CVE-2021-33196 In archive/zip, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. CVE-2021-36221 Go has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. CVE-2021-39293 Follow-up fix to CVE-2021-33196 CVE-2021-41771 ImportedSymbols in debug/macho (for Open or OpenFat) accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. CVE-2021-44716 net/http allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. CVE-2021-44717 Go on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

Affected Software

Affected Software

'golang-1.8' package(s) on Debian Linux.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

For Debian 9 stretch, these problems have been fixed in version 1.8.1-1+deb9u4. We recommend that you upgrade your golang-1.8 packages.