FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- archive/zip: overflow in preallocation check can cause OOM panic

Affected packages
go < 1.17.1,1


VuXML ID 4ea1082a-1259-11ec-b4fa-dd5a552bdd17
Discovery 2021-08-18
Entry 2021-09-10

The Go project reports:

An oversight in the previous fix still allows for an OOM panic when the indicated directory size in the archive header is so large that subtracting it from the archive size overflows a uint64, effectively bypassing the check that the number of files in the archive is reasonable.


CVE Name CVE-2021-39293