正文

Google Golang 安全漏洞

admin
admin V管理员 /0 评论 /9 阅读
0305
此篇文章发布距今已超过1160天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Google Golang 安全漏洞

  • CNNVD编号:CNNVD-202101-2391
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2021-3114
  • 漏洞类型: 其他
  • 发布时间: 2021-01-26
  • 威胁类型: 远程
  • 更新时间: 2021-11-11
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

Golang是美国谷歌(Google)的一种静态强类型、编译型语言。Go的语法接近C语言,但对于变量的声明有所不同。Go支持垃圾回收功能。Go的并行模型是以东尼·霍尔的通信顺序进程(CSP)为基础,采取类似模型的其他语言包括Occam和Limbo,但它也具有Pi运算的特征,比如通道传输。在1.8版本中开放插件(Plugin)的支持,这意味着现在能从Go中动态加载部分函数。

Go 1.14.14之前和1.15.7之前的 crypto 代码包存在安全漏洞,该漏洞源于当使用“go get”命令获取使用cgo的模块时(例如,cgo可以从不受信任的下载中执行gcc程序),容易受到命令注入和远程代码执行的攻击。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871

参考网址

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20210219-0001/

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html

来源:CONFIRM

链接:https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871

来源:CONFIRM

链接:https://groups.google.com/g/golang-announce/c/mperVMGa98w

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/

来源:DEBIAN

链接:https://www.debian.org/security/2021/dsa-4848

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0309/

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021052216

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021110506

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-golang-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift-cve-2021-3114-cve-2021-3115/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1726

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162306/Red-Hat-Security-Advisory-2021-1339-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3793

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2021-3114

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021090126

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1378

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2180

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164892/Red-Hat-Security-Advisory-2021-4226-06.html

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021052527

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-go-vulnerabilities-cve-2021-3114-cve-2021-3115/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-automation-manager-5/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162476/Red-Hat-Security-Advisory-2021-1366-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2228

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162721/Red-Hat-Security-Advisory-2021-2053-01.html

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021042502

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-go-vulnerabilities-cve-2021-3114-and-cve-2021-3115/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164452/Red-Hat-Security-Advisory-2021-3748-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2555

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0891

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021051604

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-4/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163957/Red-Hat-Security-Advisory-2021-3361-01.html

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021052037

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021053006

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021050610

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2711

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2959

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1792

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-has-applied-security-fixes-for-its-use-of-golang-go/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3652

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162755/Red-Hat-Security-Advisory-2021-2093-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164754/Red-Hat-Security-Advisory-2021-4103-01.html

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Go-information-disclosure-via-P-224-Curve-Computation-Error-34412

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1754

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021062509

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162015/Red-Hat-Security-Advisory-2021-0958-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1516

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163688/Red-Hat-Security-Advisory-2021-2437-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163267/Red-Hat-Security-Advisory-2021-2532-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1086

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3340

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0432

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-5/

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021062314

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-go-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc-3/

受影响实体

    暂无


补丁

    暂无