Vulnerability CVE-2021-38297

Vulnerability Name:

CVE-2021-38297 (CCN-211507)

Assigned:

2021-10-07

Published:

2021-10-07

Updated:

2023-04-20

Summary:

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-38297

Source: XF
Type: UNKNOWN
golang-cve202138297-bo(211507)

Source: CCN
Type: Golang Web site
go

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Release Notes, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Google Groups Web site
Go 1.17.2 and Go 1.16.9 are released

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6523422 (Event Streams)
IBM Event Streams affected by potential buffer overflow in Golang (CVE-2021-38297)

Source: CCN
Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:golang:go:1.16.0:-:*:*:*:*:*:*

OR cpe:/a:golang:go:1.17.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:3387	P	u-boot-rpi3-2019.01-3.7 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95017	P	go1.17-1.17.9-150000.1.31.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94922	P	libSDL-1_2-0-1.2.15-150000.3.19.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94923	P	libSDL2-2_0-0-2.0.8-150200.11.6.1 on GA media (Moderate)	2022-06-22
oval:com.redhat.rhsa:def:20221819	P	RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate)	2022-05-10
oval:org.opensuse.security:def:4583	P	Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:4582	P	Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) (Important)	2022-04-23
oval:org.opensuse.security:def:101635	P	Security update for clamav (Important)	2022-02-18
oval:org.opensuse.security:def:101636	P	Security update for expat (Important)	2022-02-18
oval:org.opensuse.security:def:112340	P	go1.17-1.17.2-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112338	P	go1.16-1.16.9-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:4513	P	Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:4514	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP5) (Important)	2021-11-17
oval:org.opensuse.security:def:111111	P	Security update for go1.16 (Moderate)	2021-10-31
oval:org.opensuse.security:def:74740	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:65672	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:74670	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:65602	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:111756	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:1131	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:74671	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:108301	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:117815	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:101809	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:65603	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:111757	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:1132	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:74739	P	Security update for go1.16 (Moderate)	2021-10-20
oval:org.opensuse.security:def:108302	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:117816	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:101810	P	Security update for go1.17 (Moderate)	2021-10-20
oval:org.opensuse.security:def:65671	P	Security update for go1.16 (Moderate)	2021-10-20

BACK