CVE-2021-39293 log

Severity Low
Remote Yes
Type Denial of service
A security issue has been found in go before version 1.17.1. An oversight in the fix for CVE-2021-33196 still allows for an out of memory panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is reasonable.
Group Package Affected Fixed Severity Status Ticket
AVG-2370 go 2:1.17-2 2:1.17.1-1 Low Fixed