FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- multiple vulnerabilities

Affected packages
go < 1.17.3,1

Details

VuXML ID 930def19-3e05-11ec-9ba8-002324b2fba8
Discovery 2021-11-04
Entry 2021-11-05

The Go project reports:

debug/macho fails out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table.

[source]

Previously, opening a zip with (*Reader).Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or ".." path elements. Open could also panic if passed the empty string directly as an argument.

[source]

References

CVE Name CVE-2021-41771
CVE Name CVE-2021-41772
URL https://github.com/golang/go/issues/48085
URL https://github.com/golang/go/issues/48990

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.