CVE-2021-3538

Name: CVE-2021-3538
Description: A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| golang-github-satori-go.uuid (PTS) | buster, bullseye | 1.2.0-2 | fixed |
| golang-github-satori-go.uuid (PTS) | sid, trixie, bookworm | 1.2.0-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| golang-github-satori-go.uuid | source | (unstable) | (not affected) | | | |

Notes

- golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version)
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c
Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
https://github.com/satori/go.uuid/issues/73
