Описание
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.15 | fixed | 1.15~rc2-1 | package | |
| golang-1.14 | fixed | 1.14.7-1 | package | |
| golang-1.11 | removed | package | ||
| golang-1.8 | removed | package | ||
| golang-1.7 | removed | package |
Примечания
https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
https://github.com/golang/go/issues/40618
Fixed in 1.15~rc2, 1.14.7, 1.13.15
EPSS
Процентиль: 26%
0.00084
Низкий
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 5 лет назад
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVSS3: 7.5
redhat
почти 5 лет назад
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVSS3: 7.5
nvd
почти 5 лет назад
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
EPSS
Процентиль: 26%
0.00084
Низкий