GHSA-q6gq-997w-f55g

Опубликовано: 16 дек. 2021

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Withdrawn Advisory: Infinite loop in xz

Withdrawn Advisory

This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time.

Original Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

Ссылки

Пакеты

Наименование

github.com/ulikunitz/xz

Затронутые версииВерсия исправления

< 0.5.8

0.5.8

EPSS

Процентиль: 91%

0.04692

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-16845

Дефекты

CWE-835

Связанные уязвимости

CVE-2020-16845

CVSS3: 7.5

ubuntu

почти 6 лет назад

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVE-2020-16845

CVSS3: 7.5

redhat

почти 6 лет назад

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVE-2020-16845

CVSS3: 7.5

nvd

почти 6 лет назад

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVE-2020-16845

CVSS3: 7.5

msrc

почти 6 лет назад

Описание отсутствует

CVE-2020-16845

CVSS3: 7.5

debian

почти 6 лет назад

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...

EPSS

Процентиль: 91%

0.04692

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-16845

Дефекты

CWE-835