---

CVE-2021-33196 - log back

CVE-2021-33196 edited at 04 Jun 2021 07:34:28
Description	- A security issue has been found in Go. Due to a pre-allocation optimization in zip.NewReader, a malformed archive which indicates it has a significant number of files can cause either a panic or memory exhaustion. + A security issue has been found in Go before version 1.16.5. Due to a pre-allocation optimization in zip.NewReader, a malformed archive which indicates it has a significant number of files can cause either a panic or memory exhaustion.
References	+ https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI/m/r_EP-NlKBgAJ https://github.com/golang/go/issues/46242 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912 - https://go.googlesource.com/go/+/ea6b0bf4faa91ad43e255a8d480a9e2b0f70dfc1%5E%21/ + https://github.com/golang/go/commit/895fb1bb6fc0d3c01c5ef7c8cbaf033d1fff9ad7

CVE-2021-33196 edited at 27 May 2021 20:17:39
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ A security issue has been found in Go. Due to a pre-allocation optimization in zip.NewReader, a malformed archive which indicates it has a significant number of files can cause either a panic or memory exhaustion.
References	+ https://github.com/golang/go/issues/46242 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912 + https://go.googlesource.com/go/+/ea6b0bf4faa91ad43e255a8d480a9e2b0f70dfc1%5E%21/
Notes

CVE-2021-33196 created at 27 May 2021 20:15:01