Jump to:

CVE-2021-31525

Jump to:

CVE-2021-31525

Package golang updated to version 1.16.4-alt1 for branch sisyphus in task 271287.

Published: 2021-05-27
Modified: 2024-11-21

CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://github.com/golang/go/issues/45710
https://github.com/golang/go/issues/45710
https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc
https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc
FEDORA-2021-ee3c072cd0
FEDORA-2021-ee3c072cd0
GLSA-202208-02
GLSA-202208-02

Version: 2.1.0

Package golang update in sisyphus on 2021-05-06

ALT-PU-2021-1769-1

Closed vulnerabilities

CVE-2021-31525