ALT-PU-2021-3504-1
Closed vulnerabilities
Published: 2022-01-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- GLSA-202208-02
- GLSA-202208-02
- https://security.netapp.com/advisory/ntap-20220121-0002/
- https://security.netapp.com/advisory/ntap-20220121-0002/
Published: 2022-01-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Severity: MEDIUM (4.8)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
References:
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- https://groups.google.com/g/golang-announce/c/hcmEScgc00k
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- [debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
- GLSA-202208-02
- GLSA-202208-02