CVE-2022-41920
Lancet is a library for Go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in versions 2.1.10 and 1.3.4.
The following crash conditions are described:
- When using the fileutil package to unzip a zip file, the code may attempt to access uninitialized memory, resulting in a crash.
- When using redis, the code may crash due to an unchecked io.Reader err return.
- When using sql, the code may crash due to an unchecked error.
- When using docker, the code may crash due to an unchecked error.
- When using redis, the code may crash due to an unchecked error.
Each of these issues has been addressed and a fix will be included in versions 1.5.6 and 1.3.4. Users are advised to upgrade. There are no known workarounds for these issues.
When
Software requirements for running Docker
1. Linux Kernel ≥ 3.10
2. Docker ≥ 1.5.6
3. docker-compose ≥ 1.6
4. Mounting a device on the host machine and exposing it via the container's devicemapper interface
5. Device mapper (dm) is installed in the kernel or as a module
Timeline
Published on: 11/17/2022 18:15:00 UTC
Last modified on: 11/22/2022 19:09:00 UTC
References
- https://github.com/duke-git/lancet/issues/62
- https://github.com/duke-git/lancet/commit/f869a0a67098e92d24ddd913e188b32404fa72c9
- https://github.com/duke-git/lancet/commit/f133b32faa05eb93e66175d01827afa4b7094572
- https://github.com/duke-git/lancet/security/advisories/GHSA-pp3f-xrw5-q5j4
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41920