CVE-2021-33198

Опубликовано: 02 авг. 2021

Источник: debian

EPSS Низкий

Описание

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.16	fixed	1.16.5-1		package
golang-1.15	fixed	1.15.9-5		package
golang-1.11	removed			package
golang-1.11	postponed		buster	package
golang-1.8	removed			package
golang-1.8	not-affected		stretch	package
golang-1.7	removed			package
golang-1.7	not-affected		stretch	package

https://github.com/golang/go/issues/45910
https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1)

EPSS

Процентиль: 6%

0.00028

Низкий

CVE-2021-33198

CVSS3: 7.5

ubuntu

почти 4 года назад

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVE-2021-33198

CVSS3: 7.5

redhat

больше 4 лет назад

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVE-2021-33198

CVSS3: 7.5

nvd

почти 4 года назад

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVE-2021-33198

CVSS3: 7.5

msrc

9 месяцев назад

Описание отсутствует

GHSA-q2pw-fq43-w78v

CVSS3: 7.5

github

около 3 лет назад

Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 2 of 2).

EPSS

Процентиль: 6%

0.00028

Низкий