The NewReader and OpenReader functions in archive/zip can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. This is caused by an incomplete fix for CVE-2021-33196.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0273" }
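One way to screen an untrusted archive for the condition described above before it reaches the parser, as an added example (not code from the Go project or from this advisory): compare the entry count claimed in the end-of-central-directory record with the space the central directory actually occupies. The names `CheckClaimedEntries` and `eocd` are hypothetical, the sample records are constructed, and the example assumes a policy of rejecting zip64 archives rather than parsing their extended records.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const eocdLen = 22     // fixed part of the end-of-central-directory (EOCD) record
const dirEntryMin = 46 // smallest possible central directory file header

var eocdSig = []byte{'P', 'K', 0x05, 0x06}

// CheckClaimedEntries returns the entry count the archive claims, or an error
// when that count cannot fit in the central directory the archive describes.
func CheckClaimedEntries(b []byte) (int, error) {
	i := bytes.LastIndex(b, eocdSig)
	if i < 0 || len(b)-i < eocdLen {
		return 0, errors.New("no end-of-central-directory record")
	}
	n := uint64(binary.LittleEndian.Uint16(b[i+10:]))    // total entries
	size := uint64(binary.LittleEndian.Uint32(b[i+12:])) // directory size
	off := uint64(binary.LittleEndian.Uint32(b[i+16:]))  // directory offset
	if n == 0xffff || size == 0xffffffff || off == 0xffffffff {
		return 0, errors.New("zip64 archive: rejected by this example's policy")
	}
	if off+size > uint64(i) || n*dirEntryMin > size {
		return 0, fmt.Errorf("claims %d entries, directory is %d bytes", n, size)
	}
	return int(n), nil
}

// eocd builds a constructed EOCD record (sample input, not a real archive).
func eocd(entries uint16, dirSize, dirOff uint32) []byte {
	r := make([]byte, eocdLen)
	copy(r, eocdSig)
	binary.LittleEndian.PutUint16(r[10:], entries)
	binary.LittleEndian.PutUint32(r[12:], dirSize)
	binary.LittleEndian.PutUint32(r[16:], dirOff)
	return r
}

func main() {
	_, err := CheckClaimedEntries(eocd(60000, 0, 0))
	fmt.Println("60000 entries in a 22-byte file:", err)
	n, err := CheckClaimedEntries(eocd(0, 0, 0))
	fmt.Println("empty archive:", n, err)
}
```

The check runs on the raw bytes, so it can sit in front of zip.NewReader in an upload or ingestion path.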