AVG-1357 log

Package go
Status Fixed
Severity Medium
Type multiple issues
Affected 2:1.16.7-1
Fixed 2:1.17-1
Current 2:1.17.6-2 [community]
Ticket None
Created Mon Dec 14 20:05:03 2020
Issue Severity Remote Type Description
CVE-2021-29923 Medium Yes Access restriction bypass
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to...
CVE-2020-29511 Medium No Incorrect calculation
Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...
CVE-2020-29510 Medium Yes Incorrect calculation
Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder...
CVE-2020-29509 Medium Yes Incorrect calculation
Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...