CVE-2020-28362

Published: 12 Nov 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially be made to panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.

Report

OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support. OpenShift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Red Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates. OpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-agent-rhel7 | Not affected | | |
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-all-in-one-rhel7 | Not affected | | |
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-rhel7-operator | Not affected | | |
| OpenShift Serverless | knative-serving | Affected | | |
| OpenShift Service Mesh 1 | ior | Out of support scope | | |
| OpenShift Service Mesh 1 | kiali | Out of support scope | | |
| OpenShift Service Mesh 1 | servicemesh | Out of support scope | | |
| OpenShift Service Mesh 1 | servicemesh-cni | Out of support scope | | |
| OpenShift Service Mesh 1 | servicemesh-grafana | Out of support scope | | |
| OpenShift Service Mesh 1 | servicemesh-operator | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1897635 golang: math/big: panic during recursive division of very large numbers

EPSS: 0.00213 (percentile: 44%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 5 years ago

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

CVSS3: 7.5
nvd
about 5 years ago

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

CVSS3: 7.5
msrc
about 5 years ago

No description available

CVSS3: 7.5
debian
about 5 years ago

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

github
more than 3 years ago

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
