CVE-2021-44717

Severity: Medium
Remote: Yes
Type: Incorrect calculation
Description
A security issue has been found in Go before version 1.17.5. When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec (including indirectly by using the os/exec package), syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or can be provoked) repeatedly, it can result in misdirected I/O such as writing network traffic intended for one connection to a different connection, or content intended for one file to a different one.
Group     Package  Affected    Fixed       Severity  Status  Ticket
AVG-2617  go       2:1.17.4-1  2:1.17.5-1  Medium    Fixed
References
https://groups.google.com/g/golang-announce/c/hcmEScgc00k
https://github.com/golang/go/issues/50057
https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee
Notes
Workaround
==========
 
The issue can be mitigated by raising the per-process file descriptor limit.
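
One way to apply this workaround from inside the affected program is shown below. It is an added example, not code from the Go project or the advisory; the names softTarget and RaiseNoFile and the 65536 target are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// softTarget picks the soft RLIMIT_NOFILE to request: never below the current
// soft limit and never above the hard limit an unprivileged process is held to.
func softTarget(soft, hard, want uint64) uint64 {
	if want <= soft {
		return soft
	}
	if want > hard {
		return hard
	}
	return want
}

// RaiseNoFile raises the soft limit toward want and returns the limits in effect.
func RaiseNoFile(want uint64) (syscall.Rlimit, error) {
	var lim syscall.Rlimit
	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
		return lim, fmt.Errorf("getrlimit: %w", err)
	}
	target := softTarget(lim.Cur, lim.Max, want)
	if target == lim.Cur {
		return lim, nil // already at or above the reachable target
	}
	lim.Cur = target
	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
		return lim, fmt.Errorf("setrlimit: %w", err)
	}
	return lim, nil
}

func main() {
	const want = 65536 // assumed target; size it to the service's peak descriptor use
	lim, err := RaiseNoFile(want)
	if err != nil {
		fmt.Fprintln(os.Stderr, "could not raise RLIMIT_NOFILE:", err)
		os.Exit(1)
	}
	fmt.Printf("RLIMIT_NOFILE soft=%d hard=%d\n", lim.Cur, lim.Max)
	if lim.Cur < want {
		fmt.Fprintln(os.Stderr, "warning: hard limit below target; raise it in the shell or service manager")
	}
}
```

Call RaiseNoFile early in startup, before the program opens connections or spawns children through os/exec.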