security/vuxml: Document lang/go vulnerability

freebsd · Aug 5, 2021 · 5555795 · 5555795
1 parent 2db79ab
commit 5555795
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,33 @@
+  <vuln vid="880552c4-f63f-11eb-9d56-7186043316e9">
+    <topic>go -- net/http: panic due to racy read of persistConn after handler panic</topic>
+    <affects>
+      <package>
+	<name>go</name>
+	<range><lt>1.16.7,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Go project reports:</p>
+	<blockquote cite="https://github.com/golang/go/issues/46866">
+	  <p>A net/http/httputil ReverseProxy can panic due to a race
+	  condition if its Handler aborts with ErrAbortHandler, for
+	  example due to an error in copying the response body. An
+	  attacker might be able to force the conditions leading to
+	  the race condition.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-36221</cvename>
+      <url>https://github.com/golang/go/issues/46866</url>
+    </references>
+    <dates>
+      <discovery>2021-06-21</discovery>
+      <entry>2021-08-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="1d651770-f4f5-11eb-ba49-001b217b3468">
     <topic>Gitlab -- Gitlab</topic>
     <affects>