exploitDog

CVE-2020-16845

Published: 06 Aug 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

A flaw was found in the Go encoding/binary package. Certain invalid inputs to ReadUvarint or ReadVarint cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw can lead to processing far more input than expected. The highest threat from this vulnerability is to system availability.
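The unbounded read described above is closed by capping the number of continuation bytes a varint may span, which is what the fixed Go releases do. The Go block below is an added illustration and is not code from this page or from the Go source tree: readUvarintBounded and endlessContinuation are names chosen here, and the never-ending stream of 0x80 bytes is a constructed input that models the invalid case.

```go
package main

import (
	"errors"
	"io"
)

// Mirrors encoding/binary.MaxVarintLen64: a uint64 needs at most 10 groups.
const maxVarintLen64 = 10

var errOverflow = errors.New("varint overflows a 64-bit integer")

// endlessContinuation is a constructed io.ByteReader modelling the invalid
// input: every byte has the continuation bit (0x80) set. It counts reads.
type endlessContinuation struct{ reads int }

func (e *endlessContinuation) ReadByte() (byte, error) {
	e.reads++
	return 0x80, nil
}

// readUvarintBounded decodes an unsigned base-128 varint but stops after
// maxVarintLen64 bytes (the bound added in Go 1.13.15 / 1.14.7). It also
// returns the number of bytes consumed so the bound can be checked.
func readUvarintBounded(r io.ByteReader) (uint64, int, error) {
	var x uint64
	var s uint
	for i := 0; i < maxVarintLen64; i++ {
		b, err := r.ReadByte()
		if err != nil {
			if i > 0 && err == io.EOF {
				err = io.ErrUnexpectedEOF // stream ended mid-varint
			}
			return x, i, err
		}
		if b < 0x80 {
			// The 10th group may carry only one bit of a 64-bit value.
			if i == maxVarintLen64-1 && b > 1 {
				return x, i + 1, errOverflow
			}
			return x | uint64(b)<<s, i + 1, nil
		}
		x |= uint64(b&0x7f) << s
		s += 7
	}
	return x, maxVarintLen64, errOverflow // limit hit: input never terminated
}
```

Against the endless 0x80 stream the decoder returns errOverflow after exactly ten reads; a well-formed three-byte varint such as E5 8E 26 still decodes to 624485.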

Statement

OpenShift Container Platform (OCP), OpenShift Service Mesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, so any component using the encoding/binary package includes the vulnerable code. The affected components sit behind OpenShift OAuth authentication, therefore the impact is low. Red Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go; however, the vulnerable functionality is currently not used by these products, and hence this issue has been rated as having a security impact of Low.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | jaeger | Out of support scope | | |
| OpenShift Service Mesh 1 | jaeger-operator | Out of support scope | | |
| OpenShift Service Mesh 1 | kiali | Affected | | |
| Red Hat Ceph Storage 2 | golang | Out of support scope | | |
| Red Hat Ceph Storage 2 | grafana | Out of support scope | | |
| Red Hat Ceph Storage 3 | golang | Affected | | |
| Red Hat Ceph Storage 3 | golang-github-prometheus-node_exporter | Affected | | |
| Red Hat Ceph Storage 3 | grafana | Affected | | |
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Affected | | |
| Red Hat Enterprise Linux 7 | gcc | Will not fix | | |


Additional information

Severity:

Moderate

Weakness:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1867099
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

EPSS

Score: 0.00084 (percentile: 26%, Low)

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVSS3: 7.5
nvd
almost 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

CVSS3: 7.5
msrc
almost 5 years ago

No description available

CVSS3: 7.5
debian
almost 5 years ago

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...

suse-cvrf
almost 5 years ago

Security update for go1.13
