PT-2021-20903 · Go.Uuid · Go.Uuid

Josselin-C · Published 2021-06-02 · Updated 2026-04-01 · CVE-2021-3538

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: github.com/satori/go.uuid versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45
Description: A flaw in the github.com/satori/go.uuid package causes the generated UUIDs to be predictable for an attacker due to insecure randomness in the g.rand.Read function. This issue can result in predictable UUIDs and possible collisions, as the random data used to create UUIDs can contain zeros.
Recommendations: For versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45, consider using an alternative method to generate UUIDs that ensures secure randomness, or refrain from using the g.rand.Read function until a patch is available. As a temporary workaround, consider implementing additional checks to detect and handle predictable UUIDs.
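
Added example, not code from this advisory or from the go.uuid project: the page does not show the affected code, so this sketch assumes the zeros come from a single `Read` call returning fewer bytes than requested, which Go's `io.Reader` contract allows. It contrasts that with `io.ReadFull` and adds a trailing-zero check for auditing stored UUIDs; every function name here is hypothetical.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
	"testing/iotest"
)

// halfReads (constructed source) makes each Read return about half the bytes asked for.
func halfReads(r io.Reader) io.Reader { return iotest.HalfReader(r) }

func stamp(u *[16]byte) {
	u[6] = u[6]&0x0f | 0x40 // version 4
	u[8] = u[8]&0x3f | 0x80 // RFC 4122 variant
}

// newV4Unchecked checks err but not the count: a short read leaves zero bytes.
func newV4Unchecked(r io.Reader) ([16]byte, error) {
	var u [16]byte
	_, err := r.Read(u[:])
	stamp(&u)
	return u, err
}

// newV4 uses io.ReadFull, which fills all 16 bytes or returns an error.
func newV4(r io.Reader) ([16]byte, error) {
	var u [16]byte
	if _, err := io.ReadFull(r, u[:]); err != nil {
		return [16]byte{}, err
	}
	stamp(&u)
	return u, nil
}

// zeroTail counts trailing zero bytes; 4+ occurs by chance in ~1 in 2^32 sound v4 UUIDs.
func zeroTail(u [16]byte) int {
	n := 0
	for i := 15; i >= 0 && u[i] == 0; i-- {
		n++
	}
	return n
}

func main() {
	bad, _ := newV4Unchecked(halfReads(rand.Reader))
	good, _ := newV4(halfReads(rand.Reader))
	fmt.Printf("unchecked %x tail=%d\nreadfull  %x tail=%d\n", bad, zeroTail(bad), good, zeroTail(good))
}
```

A `zeroTail` of 4 or more on a stored version 4 UUID is a reasonable threshold for flagging it for review and regeneration.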

Related Identifiers

CLEANSTART-2026-AP81168
CLEANSTART-2026-EE52954
CLEANSTART-2026-KW24478
CLEANSTART-2026-LB23787
CLEANSTART-2026-MT27167
CLEANSTART-2026-OS42112
CLEANSTART-2026-PE63912
CLEANSTART-2026-QY63788
CLEANSTART-2026-VZ76006
CVE-2021-3538
GHSA-33M6-Q9V5-62R7
GO-2022-0244
SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488

Affected Products

Go.Uuid