VulnerableCode Package Details - pkg:alpm/archlinux/go@2:1.16.4-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2ps9-t61s-aaan Aliases: CVE-2021-33196	In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.	2:1.16.5-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-b1t1-32t4-aaaf Aliases: CVE-2021-33195	Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.	2:1.16.5-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qggy-g6kz-aaaj Aliases: CVE-2021-33198	In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.	2:1.16.5-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-tdq5-pwwt-aaan Aliases: CVE-2021-33197	In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.	2:1.16.5-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2ps9-t61s-aaan
Aliases:
CVE-2021-33196

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

2:1.16.5-1
Affected by 1 other vulnerability.

VCID-b1t1-32t4-aaaf
Aliases:
CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

2:1.16.5-1
Affected by 1 other vulnerability.

VCID-qggy-g6kz-aaaj
Aliases:
CVE-2021-33198

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

2:1.16.5-1
Affected by 1 other vulnerability.

VCID-tdq5-pwwt-aaan
Aliases:
CVE-2021-33197

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

2:1.16.5-1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-mtfq-ngz6-aaad	net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.	CVE-2021-31525 GHSA-h86h-8ppg-mxmh

Vulnerability

Summary

Aliases

VCID-mtfq-ngz6-aaad

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

CVE-2021-31525
GHSA-h86h-8ppg-mxmh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:47:04.174330+00:00	Arch Linux Importer	Fixing	VCID-mtfq-ngz6-aaad	https://security.archlinux.org/AVG-1927	36.0.0
2025-03-28T07:46:34.470834+00:00	Arch Linux Importer	Affected by	VCID-b1t1-32t4-aaaf	https://security.archlinux.org/AVG-2006	36.0.0
2025-03-28T07:46:34.451708+00:00	Arch Linux Importer	Affected by	VCID-2ps9-t61s-aaan	https://security.archlinux.org/AVG-2006	36.0.0
2025-03-28T07:46:34.432635+00:00	Arch Linux Importer	Affected by	VCID-tdq5-pwwt-aaan	https://security.archlinux.org/AVG-2006	36.0.0
2025-03-28T07:46:34.413525+00:00	Arch Linux Importer	Affected by	VCID-qggy-g6kz-aaaj	https://security.archlinux.org/AVG-2006	36.0.0
2024-09-18T02:02:27.367576+00:00	Arch Linux Importer	Fixing	VCID-mtfq-ngz6-aaad	https://security.archlinux.org/AVG-1927	34.0.1
2024-09-18T02:01:53.338079+00:00	Arch Linux Importer	Affected by	VCID-b1t1-32t4-aaaf	https://security.archlinux.org/AVG-2006	34.0.1
2024-09-18T02:01:53.309981+00:00	Arch Linux Importer	Affected by	VCID-2ps9-t61s-aaan	https://security.archlinux.org/AVG-2006	34.0.1
2024-09-18T02:01:53.281367+00:00	Arch Linux Importer	Affected by	VCID-tdq5-pwwt-aaan	https://security.archlinux.org/AVG-2006	34.0.1
2024-09-18T02:01:53.246789+00:00	Arch Linux Importer	Affected by	VCID-qggy-g6kz-aaaj	https://security.archlinux.org/AVG-2006	34.0.1
2024-01-03T22:28:28.353710+00:00	Arch Linux Importer	Fixing	VCID-mtfq-ngz6-aaad	https://security.archlinux.org/AVG-1927	34.0.0rc1
2024-01-03T22:27:57.784099+00:00	Arch Linux Importer	Affected by	VCID-b1t1-32t4-aaaf	https://security.archlinux.org/AVG-2006	34.0.0rc1
2024-01-03T22:27:57.757044+00:00	Arch Linux Importer	Affected by	VCID-2ps9-t61s-aaan	https://security.archlinux.org/AVG-2006	34.0.0rc1
2024-01-03T22:27:57.730544+00:00	Arch Linux Importer	Affected by	VCID-tdq5-pwwt-aaan	https://security.archlinux.org/AVG-2006	34.0.0rc1
2024-01-03T22:27:57.703217+00:00	Arch Linux Importer	Affected by	VCID-qggy-g6kz-aaaj	https://security.archlinux.org/AVG-2006	34.0.0rc1