GHSA-q6gq-997w-f55g

Published: 16 Dec 2021
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Withdrawn Advisory: Infinite loop in xz

Withdrawn Advisory

This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time.

Original Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

Packages

Name: github.com/ulikunitz/xz (go)
Affected versions: < 0.5.8
Fixed version: 0.5.8

EPSS: 0.00084 (percentile: 25%, Low)

CVSS3: 7.5 High

Weaknesses: CWE-835

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVSS3: 7.5
redhat
more than 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVSS3: 7.5
nvd
more than 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVSS3: 7.5
msrc
about 5 years ago

No description

CVSS3: 7.5
debian
more than 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...
