In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
Allocation of Resources Without Limits or Throttling
Uncontrolled Resource Consumption
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in