PT-2021-21184 · Go+6

Published: 2021-02-19 · Updated: 2024-06-15 · CVE-2021-36221

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Go versions 1.15.x through 1.15.14
Go versions 1.16.x through 1.16.6

Description

A race condition in the net/http/httputil ReverseProxy can cause a panic when an ErrAbortHandler abort occurs. This happens when there is a problem copying a proxied response body.

Recommendations

For Go versions 1.15.x through 1.15.14, update to version 1.15.15 or later. For Go versions 1.16.x through 1.16.6, update to version 1.16.7 or later.
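
To find deployed binaries that still need the update, the following added example (not part of this advisory or of the Go project's code) reads the toolchain version embedded in compiled Go binaries and checks it against the affected ranges listed above. The names `affected` and `checkBinary` are hypothetical; a hit means only that the binary was built with an affected toolchain, not that it uses ReverseProxy.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// affected reports whether a toolchain string such as "go1.16.5" lies in the
// advisory's ranges. Pre-release and devel strings return an error for review.
func affected(goVersion string) (bool, error) {
	goVersion, _, _ = strings.Cut(goVersion, " ") // drop any suffix after a space
	fields := strings.Split(strings.TrimPrefix(goVersion, "go"), ".")
	if !strings.HasPrefix(goVersion, "go") || len(fields) < 2 || len(fields) > 3 {
		return false, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	var n [3]int // major, minor, patch; "go1.16" means patch 0
	for i, f := range fields {
		v, err := strconv.Atoi(f)
		if err != nil || v < 0 {
			return false, fmt.Errorf("unrecognised Go version %q", goVersion)
		}
		n[i] = v
	}
	if n[0] == 1 && n[1] == 15 {
		return n[2] <= 14, nil // 1.15.x through 1.15.14
	}
	// 1.16.x through 1.16.6; other release lines are not listed by the advisory.
	return n[0] == 1 && n[1] == 16 && n[2] <= 6, nil
}

// checkBinary reads the toolchain version embedded in a compiled Go binary.
func checkBinary(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	hit, err := affected(info.GoVersion)
	return info.GoVersion, hit, err
}

func main() {
	for _, p := range os.Args[1:] {
		ver, hit, err := checkBinary(p)
		fmt.Printf("%s: go=%q affected=%v err=%v\n", p, ver, hit, err)
	}
}
```

Pass one or more binary paths as arguments; entries that report an error carry a version string the check cannot classify and need manual review.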

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2021:4156
ALT-PU-2021-1376
ALT-PU-2021-2468
ALT-PU-2021-2489
ALT-PU-2021-2502
ALT-PU-2022-1243
BIT-GOLANG-2021-36221
CESA-2021_4156
CESA-2022_7457
CVE-2021-36221
DLA-2891-1
DLA-2892-1
DLA-3395-1
DLA-3395-2
GO-2021-0245
MGASA-2021-0416
OESA-2021-1402
OPENSUSE-SU-2021:1199-1
OPENSUSE-SU-2021:1207-1
OPENSUSE-SU-2021:2787-1
OPENSUSE-SU-2021:2788-1
OPENSUSE-SU-2021_1199-1
OPENSUSE-SU-2021_1207-1
OPENSUSE-SU-2021_2787-1
OPENSUSE-SU-2021_2788-1
OPENSUSE-SU-2024:10808-1
OPENSUSE-SU-2024:10809-1
RHSA-2021:4156
RHSA-2021:4765
RHSA-2021_4156
RHSA-2022:0557
RHSA-2022:1276
RHSA-2022:1361
RHSA-2022:7457
RHSA-2022_7457
RLSA-2021:4156
RLSA-2022:7457
SUSE-SU-2021:2787-1
SUSE-SU-2021:2788-1
SUSE-SU-2021_2787-1
SUSE-SU-2021_2788-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Go
Red Hat
Rocky Linux
SUSE