Vulnerability Report: GO-2021-0263
standard library- CVE-2021-41771
- Affects: debug/macho
- Published: Jan 13, 2022
- Modified: May 20, 2024
Calling File.ImportedSymbols on a loaded file which contains an invalid dynamic symbol table command can cause a panic, in particular if the encoded number of undefined symbols is larger than the number of symbols in the symbol table.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.16.10, from go1.17.0-0 before go1.17.3
Aliases
References
- https://go.dev/cl/367075
- https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27
- https://groups.google.com/g/golang-announce/c/0fM21h43arc
- https://go.dev/issue/48990
- https://vuln.go.dev/ID/GO-2021-0263.json
Credits
- Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.