CVE-2021-36221

CVSS v3.1 5.9 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.97 % (84^th)

Affected Products 6

Advisories 21

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-08-08 06:15:08
(3 years ago)
Updated Date: 2023-11-07 03:36:44
(10 months ago)

Affected Products

Debian

Debian Linux

Fedoraproject

Fedora

Golang

Go

Oracle

Timesten In-memory Database

Siemens

Configuration #1

		CPE23	From	Up To
	Golang Go prior 1.15.15 version	cpe:2.3:a:golang:go		< 1.15.15
	Golang Go from 1.16.0 version and prior 1.16.7 version	cpe:2.3:a:golang:go	>= 1.16.0	< 1.16.7

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35

Configuration #3

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #4

		CPE23	From	Up To
	Oracle Timesten In-memory Database prior 21.1.1.1.0 version	cpe:2.3:a:oracle:timesten_in-memory_database		< 21.1.1.1.0

Configuration #5

AND

		CPE23	From	Up To
OR
	Siemens Scalance Lpe9403 Firmware prior 2.0 version	cpe:2.3:o:siemens:scalance_lpe9403_firmware		< 2.0
OR
	Running on/with
	Siemens Scalance Lpe9403	cpe:2.3:h:siemens:scalance_lpe9403:-