reports/GO-2021-0067.toml - vulndb - Git at Google

 package = "archive/zip"

 stdlib = true

 description = """
 Using Reader.Open on an archive containing a file with a path
 prefixed by "../" will cause a panic due to a stack overflow.
 """

 cve = "CVE-2021-27919"

 symbols = ["toValidName"]

 [[versions]]
 introduced = "go1.16"
 fixed = "go1.16.1"

 [links]
 commit = "https://github.com/golang/go/commit/cd3b4ca9f20fd14187ed4cdfdee1a02ea87e5cd8"
 pr = "https://go-review.googlesource.com/c/go/+/300489"
 context = ["https://github.com/golang/go/issues/44916"]
	package = "archive/zip"

	stdlib = true

	description = """
	Using Reader.Open on an archive containing a file with a path
	prefixed by "../" will cause a panic due to a stack overflow.
	"""

	cve = "CVE-2021-27919"

	symbols = ["toValidName"]

	[[versions]]
	introduced = "go1.16"
	fixed = "go1.16.1"

	[links]
	commit = "https://github.com/golang/go/commit/cd3b4ca9f20fd14187ed4cdfdee1a02ea87e5cd8"
	pr = "https://go-review.googlesource.com/c/go/+/300489"
	context = ["https://github.com/golang/go/issues/44916"]