-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
debug/macho: invalid dynamic symbol table command can cause panic [1.16 backport] #48991
Labels
Milestone
Comments
gopherbot
added
the
CherryPickCandidate
Used during the release process for point releases
label
Oct 14, 2021
Approved for backport. Thanks. |
cherrymui
added
CherryPickApproved
Used during the release process for point releases
and removed
CherryPickCandidate
Used during the release process for point releases
labels
Oct 20, 2021
Change https://golang.org/cl/359454 mentions this issue: |
Closed by merging d19c5bd to release-branch.go1.16. |
gopherbot
pushed a commit
that referenced
this issue
Oct 29, 2021
…able command Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates #48990 Fixes #48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
danbudris
pushed a commit
to danbudris/go
that referenced
this issue
Sep 14, 2022
…able command Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates golang#48990 Fixes golang#48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
rcrozean
pushed a commit
to rcrozean/go
that referenced
this issue
Oct 5, 2022
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.16 Upstream Source Commit: golang@d19c5bd EKS Patch Source Commit: danbudris@572d2e8 # Original Information Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates golang#48990 Fixes golang#48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
rcrozean
pushed a commit
to rcrozean/go
that referenced
this issue
Oct 12, 2022
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.16 Upstream Source Commit: golang@d19c5bd EKS Patch Source Commit: danbudris@572d2e8 # Original Information Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates golang#48990 Fixes golang#48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> (cherry picked from commit 61536ec) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
@rolandshoemaker requested issue #48990 to be considered for backport to the next 1.16 minor release.
The text was updated successfully, but these errors were encountered: