blob: 0a523b78e29c7b102f2701f35a728a359579713c [file] [log] [blame]
packages:
- module: std
package: archive/zip
symbols:
- Reader.init
versions:
- fixed: 1.15.13
- introduced: 1.16.0
fixed: 1.16.5
description: |
NewReader and OpenReader can cause a panic or an unrecoverable
fatal error when reading an archive that claims to contain a large
number of files, regardless of its actual size.
published: 2022-02-17T17:33:25Z
cves:
- CVE-2021-33196
credit: |
the OSS-Fuzz project for discovering this issue and
Emmanuel Odeke for reporting it
links:
pr: https://go.dev/cl/318909
commit: https://go.googlesource.com/go/+/74242baa4136c7a9132a8ccd9881354442788c8c
context:
- https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
- https://go.dev/issue/46242