https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0

https://groups.google.com/forum/#!forum/golang-announce

https://groups.google.com/g/golang-announce/c/uHACNfXAZqk

FEDORA-2021-38b51d9fd3

FEDORA-2021-6a3024b3fd

FEDORA-2021-e71b05ba7b

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an     X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS     server to cause a TLS client to panic. (CVE-2021-34558)

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

  - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function     invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4156 advisory.

  - golang: net: lookup functions may return invalid host names (CVE-2021-33195)

  - golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)

  - golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large     exponents (CVE-2021-33198)

  - golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4156 advisory.

  - golang: net: lookup functions may return invalid host names (CVE-2021-33195)

  - golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)

  - golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large     exponents (CVE-2021-33198)

  - golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of golang installed on the remote host is prior to 1.15.15-1.71. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1538 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the go package has been released.

  - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from     DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to     the RFC1035 format. (CVE-2021-33195)

  - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's     header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)

  - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from     net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
    (CVE-2021-33197)

  - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the     math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)

  - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an     X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS     server to cause a TLS client to panic. (CVE-2021-34558)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1207-1 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1199-1 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2787-1 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2788-1 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2787-1 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2788-1 advisory.

  - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil     ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Go project reports :

A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition.

ID	Name	Product	Family	Severity
156430	EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2930)	Nessus	Huawei Local Security Checks	critical
156305	EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-2802)	Nessus	Huawei Local Security Checks	critical
155090	RHEL 8 : go-toolset:rhel8 (RHSA-2021:4156)	Nessus	Red Hat Local Security Checks	high
155083	CentOS 8 : go-toolset:rhel8 (CESA-2021:4156)	Nessus	CentOS Local Security Checks	high
153859	Amazon Linux AMI : golang (ALAS-2021-1538)	Nessus	Amazon Linux Local Security Checks	medium
153045	Photon OS 3.0: Go PHSA-2021-3.0-0294	Nessus	PhotonOS Local Security Checks	high
152895	openSUSE 15 Security Update : go1.15 (openSUSE-SU-2021:1207-1)	Nessus	SuSE Local Security Checks	medium
152844	openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:1199-1)	Nessus	SuSE Local Security Checks	medium
152733	openSUSE 15 Security Update : go1.15 (openSUSE-SU-2021:2787-1)	Nessus	SuSE Local Security Checks	medium
152732	openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:2788-1)	Nessus	SuSE Local Security Checks	medium
152714	SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:2787-1)	Nessus	SuSE Local Security Checks	medium
152704	SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:2788-1)	Nessus	SuSE Local Security Checks	medium
152288	FreeBSD : go -- net/http: panic due to racy read of persistConn after handler panic (880552c4-f63f-11eb-9d56-7186043316e9)	Nessus	FreeBSD Local Security Checks	medium

CVE-2021-36221

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

high

high

medium

high

medium

medium

medium

medium

medium

medium

medium