FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
880552c4-f63f-11eb-9d56-7186043316e9	go -- net/http: panic due to racy read of persistConn after handler panic The Go project reports: A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition. Discovery 2021-06-21 Entry 2021-08-05 go < 1.16.7,1 CVE-2021-36221 https://github.com/golang/go/issues/46866
4fce9635-28c0-11ec-9ba8-002324b2fba8	go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data The Go project reports: When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasm_exec.js to execute WASM modules, users will need to replace their copy after rebuilding any modules. Discovery 2021-10-06 Entry 2021-10-09 go < 1.17.2,1 CVE-2021-38297 https://github.com/golang/go/issues/48797
4ea1082a-1259-11ec-b4fa-dd5a552bdd17	go -- archive/zip: overflow in preallocation check can cause OOM panic The Go project reports: An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is reasonable. Discovery 2021-08-18 Entry 2021-09-10 go < 1.17.1,1 CVE-2021-39293 https://github.com/golang/go/issues/47801

VuXML ID

Description

880552c4-f63f-11eb-9d56-7186043316e9

go -- net/http: panic due to racy read of persistConn after handler panic

The Go project reports:

A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition.

Discovery 2021-06-21
Entry 2021-08-05
go

< 1.16.7,1

CVE-2021-36221
https://github.com/golang/go/issues/46866

4fce9635-28c0-11ec-9ba8-002324b2fba8

go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data

The Go project reports:

When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments.

If using wasm_exec.js to execute WASM modules, users will need to replace their copy after rebuilding any modules.

Discovery 2021-10-06
Entry 2021-10-09
go

< 1.17.2,1

CVE-2021-38297
https://github.com/golang/go/issues/48797

4ea1082a-1259-11ec-b4fa-dd5a552bdd17

go -- archive/zip: overflow in preallocation check can cause OOM panic

The Go project reports:

An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is reasonable.

Discovery 2021-08-18
Entry 2021-09-10
go

< 1.17.1,1

CVE-2021-39293
https://github.com/golang/go/issues/47801