CVE-2022-23772

Опубликовано: 11 фев. 2022

Источник: debian

EPSS Низкий

Описание

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.18	fixed	1.18~beta2-1		package
golang-1.17	fixed	1.17.7-1		package
golang-1.15	removed			package
golang-1.15	fixed	1.15.15-1~deb11u3	bullseye	package
golang-1.11	removed			package
golang-1.11	ignored		buster	package
golang-1.8	removed			package
golang-1.7	removed			package

https://github.com/golang/go/issues/50699
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)

EPSS

Процентиль: 3%

0.00017

Низкий

CVE-2022-23772

CVSS3: 7.5

ubuntu

больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

CVE-2022-23772

CVSS3: 7.5

redhat

больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

CVE-2022-23772

CVSS3: 7.5

nvd

больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

CVE-2022-23772

CVSS3: 7.5

msrc

больше 3 лет назад

Описание отсутствует

GHSA-q99m-p7hq-5v4f

CVSS3: 7.5

github

больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

EPSS

Процентиль: 3%

0.00017

Низкий