Vulnerability CVE-2021-36221: Information

Description

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-36221
Published: Aug. 8, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-362

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
golangsisyphus1.16-alt11.22.4-alt1ALT-PU-2021-1376-1266604Fixed
golangp101.16.7-alt11.21.11-alt1ALT-PU-2021-2502-1282290Fixed
golangp91.15.15-alt11.15.15-alt1ALT-PU-2021-2489-1282289Fixed
golangc10f11.16.7-alt11.21.10-alt1ALT-PU-2021-2502-1282290Fixed
golangc9f21.16.13-alt1.c91.20.13-alt1ALT-PU-2022-1243-1293762Fixed
golangp111.16-alt11.22.4-alt1ALT-PU-2021-1376-1266604Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0
  • Mailing List
  • Third Party Advisory
https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update
  • Mailing List
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
  • Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
  • Patch
  • Third Party Advisory
GLSA-202208-02
  • Third Party Advisory
[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update
    https://groups.google.com/forum/#%21forum/golang-announce
      FEDORA-2021-38b51d9fd3
        FEDORA-2021-6a3024b3fd
          FEDORA-2021-e71b05ba7b

              1. Configuration 1

                cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
                Start including
                1.16.0
                End excliding
                1.16.7
                cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
                End excliding
                1.15.15

                Configuration 2

                cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

                Configuration 3

                cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

                Configuration 4

                cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*
                End excliding
                21.1.1.1.0

                Configuration 5

                cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*
                Running on/with:
                cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.3
            Back to top