go1.16 (SUSE:Linux Enterprise Module for Development Tools 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP2 package go1.16, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2021-38297 — CVSS 9.8 (critical): Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when…
CVE-2021-44716 — CVSS 7.5 (high): net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via…
CVE-2021-41772 — CVSS 7.5 (high): Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or…
CVE-2021-33196 — CVSS 7.5 (high): In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or…
CVE-2021-41771 — CVSS 7.5 (high): ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End…
CVE-2021-33198 — CVSS 7.5 (high): In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText…
CVE-2021-27918 — CVSS 7.5 (high): encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns…
CVE-2021-39293 — CVSS 7.5 (high): In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can…
CVE-2021-33195 — CVSS 7.3 (high): Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return…
CVE-2021-34558 — CVSS 6.5 (medium): The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the…
CVE-2021-36221 — CVSS 5.9 (medium): Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an…
CVE-2021-31525 — CVSS 5.9 (medium): net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to…
CVE-2021-27919 — CVSS 5.5 (medium): archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for…
CVE-2021-33197 — CVSS 5.3 (medium): In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an…
CVE-2021-44717 — CVSS 4.8 (medium): Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a…