Candidate: CVE-2021-41771
PublicDate: 2021-11-08 06:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41771
 https://github.com/golang/go/issues/48990
 https://groups.google.com/g/golang-announce/c/0fM21h43arc
 https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3)
 https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10)
Description:
 ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10
 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a
 Buffer, aka an out-of-bounds slice situation.
Ubuntu-Description:
Notes:
 amurray| No other packages in the Ubuntu archive appear to call
  File.ImportedSymbols() at all let alone on arbitrary input files so
  setting the priority of this CVE to low.
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_golang-1.17:
upstream_golang-1.17: released (1.17.3-1)
trusty_golang-1.17: ignored (out of standard support)
xenial_golang-1.17: ignored (out of standard support)
impish_golang-1.17: needs-triage
jammy_golang-1.17: needs-triage
devel_golang-1.17: needs-triage

Patches_golang-1.16:
upstream_golang-1.16: needs-triage
trusty_golang-1.16: ignored (out of standard support)
xenial_golang-1.16: ignored (out of standard support)
focal_golang-1.16: needs-triage
hirsute_golang-1.16: ignored (reached end-of-life)
impish_golang-1.16: needs-triage
jammy_golang-1.16: DNE
devel_golang-1.16: DNE

Patches_golang-1.15:
upstream_golang-1.15: needs-triage
trusty_golang-1.15: ignored (out of standard support)
xenial_golang-1.15: ignored (out of standard support)
hirsute_golang-1.15: ignored (reached end-of-life)
impish_golang-1.15: needs-triage

Patches_golang-1.11:
upstream_golang-1.11: needs-triage
trusty_golang-1.11: ignored (out of standard support)
xenial_golang-1.11: ignored (out of standard support)

Patches_golang-1.8:
upstream_golang-1.8: needs-triage
trusty_golang-1.8: ignored (out of standard support)
xenial_golang-1.8: ignored (out of standard support)
bionic_golang-1.8: needs-triage

Patches_golang-1.7:
upstream_golang-1.7: needs-triage
trusty_golang-1.7: ignored (out of standard support)
xenial_golang-1.7: ignored (out of standard support)