vulnerability
Arch Linux: Insufficient validation (CVE-2021-33195)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 2, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 2, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A security issue has been found in Go before version 1.16.5. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net, and their respective methods on the Resolver type may return arbitrary values retrieved from DNS which do not follow the established RFC 1035 rules for domain names. If these names are used without further sanitization, for instance unsafely included in HTML, they may allow for injection of unexpected content. Note that LookupTXT may still return arbitrary values that could require sanitization before further use.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-33195
- https://attackerkb.com/topics/CVE-2021-33195
- URL-https://groups.google.com/g/golang-announce
- URL-https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
- URL-https://security.archlinux.org/ASA-202106-42
- URL-https://security.gentoo.org/glsa/202208-02
- URL-https://security.netapp.com/advisory/ntap-20210902-0005/
- CWE-74
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.