CVE-2021-44717 — Improper Resource Shutdown or Release in GO

CWE-404 — Improper Resource Shutdown or Release CWE-200 — Sensitive Information Exposure CWE-668 — Resource Exposure8 documents7 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 55.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Golang GO Debian Linux Paloalto Pan-os

Timeline

PublishedJan 1

Latest updateNov 1

Description

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages2 packages

▶NVDgolang/go1.17.0 — 1.17.5+1

▶Palo Altopaloalto/pan-os

Also affects: Debian Linux 9.0

Patches

Patch: groups.google.com ↗Patch: groups.google.com ↗

🔴Vulnerability Details

OSV

Misdirected I/O in syscall↗2022-05-18

▶

GHSA

GHSA-x9r7-cjm2-h6cp: Go before 1↗2022-01-02

▶

CVEList

CVE-2021-44717: Go before 1↗2022-01-01

▶

OSV

CVE-2021-44717: Go before 1↗2022-01-01

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-11-01

▶

Red Hat

golang: syscall: don't close fd 0 on ForkExec error↗2021-12-09

▶

Debian

CVE-2021-44717: golang-1.15 - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an...↗2021

▶