Candidate: CVE-2021-39293
PublicDate: 2022-01-24 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39293
 https://github.com/golang/go/issues/47801
 https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1)
 https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8)
Description:
 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted
 archive header (falsely designating that many files are present) can cause
 a NewReader or OpenReader panic. NOTE: this issue exists because of an
 incomplete fix for CVE-2021-33196.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_golang-1.17:
upstream_golang-1.17: released (1.17.1-1)
trusty_golang-1.17: ignored (out of standard support)
trusty/esm_golang-1.17: DNE
xenial_golang-1.17: ignored (out of standard support)
bionic_golang-1.17: DNE
focal_golang-1.17: DNE
hirsute_golang-1.17: DNE
impish_golang-1.17: not-affected (1.17-1ubuntu1)
jammy_golang-1.17: not-affected (1.17-1ubuntu1)
devel_golang-1.17: not-affected (1.17-1ubuntu1)

Patches_golang-1.16:
upstream_golang-1.16: released (1.16.8-1)
trusty_golang-1.16: ignored (out of standard support)
trusty/esm_golang-1.16: DNE
xenial_golang-1.16: ignored (out of standard support)
bionic_golang-1.16: DNE
focal_golang-1.16: needs-triage
hirsute_golang-1.16: ignored (reached end-of-life)
impish_golang-1.16: needs-triage
jammy_golang-1.16: DNE
devel_golang-1.16: DNE

Patches_golang-1.15:
upstream_golang-1.15: released (1.15.15-2)
trusty_golang-1.15: ignored (out of standard support)
trusty/esm_golang-1.15: DNE
xenial_golang-1.15: ignored (out of standard support)
bionic_golang-1.15: DNE
focal_golang-1.15: DNE
hirsute_golang-1.15: ignored (reached end-of-life)
impish_golang-1.15: needs-triage

Patches_golang-1.11:
upstream_golang-1.11: needs-triage
trusty_golang-1.11: ignored (out of standard support)
trusty/esm_golang-1.11: DNE
xenial_golang-1.11: ignored (out of standard support)
bionic_golang-1.11: DNE
focal_golang-1.11: DNE
hirsute_golang-1.11: DNE
impish_golang-1.11: DNE
jammy_golang-1.11: DNE
devel_golang-1.11: DNE

Patches_golang-1.8:
upstream_golang-1.8: needs-triage
trusty_golang-1.8: ignored (out of standard support)
trusty/esm_golang-1.8: DNE
xenial_golang-1.8: ignored (out of standard support)
bionic_golang-1.8: needs-triage
focal_golang-1.8: DNE
hirsute_golang-1.8: DNE
impish_golang-1.8: DNE
jammy_golang-1.8: DNE
devel_golang-1.8: DNE

Patches_golang-1.7:
upstream_golang-1.7: needs-triage
trusty_golang-1.7: ignored (out of standard support)
trusty/esm_golang-1.7: DNE
xenial_golang-1.7: ignored (out of standard support)
bionic_golang-1.7: DNE
focal_golang-1.7: DNE
hirsute_golang-1.7: DNE
impish_golang-1.7: DNE
jammy_golang-1.7: DNE
devel_golang-1.7: DNE