PT-2021-23401 · Go+6

Published: 2021-11-04 · Updated: 2024-06-15 · CVE-2021-41771

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.16.10
Go versions 1.17.x prior to 1.17.3

Description

The issue is an out-of-bounds slice access: ImportedSymbols in debug/macho accesses a memory location after the end of a buffer. It can occur when File.ImportedSymbols is called on a loaded file with an invalid dynamic symbol table command, in particular when the encoded number of undefined symbols exceeds the number of symbols in the symbol table.

Recommendations

For Go versions prior to 1.16.10, update to version 1.16.10 or later.
For Go versions 1.17.x prior to 1.17.3, update to version 1.17.3 or later.
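The bounds condition from the description, written as a defensive pre-check in Go. This is an added example, not code from the Go project or from this advisory: SafeImportedSymbols, undefRangeOK, ErrBadDysymtab and sampleFile are hypothetical names, and the sample file is constructed in memory rather than parsed from Mach-O bytes.

```go
package main

import (
	"debug/macho"
	"errors"
	"fmt"
)

// ErrBadDysymtab reports an undefined-symbol range that does not fit the symbol table.
var ErrBadDysymtab = errors.New("macho: undefined-symbol range exceeds symbol table")

// undefRangeOK reports whether [iundef, iundef+nundef) lies inside a table of
// nsyms entries. The sum is computed in uint64 so it cannot wrap around.
func undefRangeOK(iundef, nundef uint32, nsyms int) bool {
	return uint64(iundef)+uint64(nundef) <= uint64(nsyms)
}

// SafeImportedSymbols (hypothetical helper) validates the dynamic symbol table
// command against the parsed symbol table before calling File.ImportedSymbols.
func SafeImportedSymbols(f *macho.File) ([]string, error) {
	if f.Symtab == nil || f.Dysymtab == nil {
		return nil, errors.New("macho: missing symbol table")
	}
	if !undefRangeOK(f.Dysymtab.Iundefsym, f.Dysymtab.Nundefsym, len(f.Symtab.Syms)) {
		return nil, ErrBadDysymtab
	}
	return f.ImportedSymbols()
}

// sampleFile builds a constructed in-memory File with three symbols and the
// given undefined-symbol range; no Mach-O bytes are parsed.
func sampleFile(iundef, nundef uint32) *macho.File {
	syms := []macho.Symbol{{Name: "_main"}, {Name: "_puts"}, {Name: "_exit"}}
	cmd := macho.DysymtabCmd{Iundefsym: iundef, Nundefsym: nundef}
	return &macho.File{
		Symtab:   &macho.Symtab{Syms: syms},
		Dysymtab: &macho.Dysymtab{DysymtabCmd: cmd},
	}
}

func main() {
	// {1, 2} fits the three-entry table; {1, 5} claims more undefined symbols than exist.
	for _, r := range [][2]uint32{{1, 2}, {1, 5}} {
		names, err := SafeImportedSymbols(sampleFile(r[0], r[1]))
		fmt.Println(names, err)
	}
}
```

A check like this only helps code that must run on an unpatched toolchain while processing untrusted Mach-O files; the remedy remains the upgrade listed above.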

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2022:1819
ALT-PU-2021-3231
ALT-PU-2021-3244
ALT-PU-2022-1243
ALT-PU-2022-2873
AZL-6451
AZL-79102
BIT-GOLANG-2021-41771
CESA-2022_1819
CVE-2021-41771
DLA-2891-1
DLA-2892-1
DLA-3395-1
DLA-3395-2
GO-2021-0263
MGASA-2021-0537
OESA-2021-1443
OPENSUSE-SU-2021:1539-1
OPENSUSE-SU-2021:3833-1
OPENSUSE-SU-2021:3834-1
OPENSUSE-SU-2021_1539-1
OPENSUSE-SU-2021_3833-1
OPENSUSE-SU-2021_3834-1
OPENSUSE-SU-2024:11609-1
OPENSUSE-SU-2024:11610-1
RHSA-2022:1745
RHSA-2022:1819
RHSA-2022_1819
RLSA-2022:1819
SUSE-SU-2021:3833-1
SUSE-SU-2021:3834-1
SUSE-SU-2021_3833-1
SUSE-SU-2021_3834-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Go
Red Hat
Rocky Linux
SUSE