CVE-2021-33198

Published: 10 Mar 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.

Report

  • Since OpenShift Container Platform 3.11 is in the Maintenance Phase of support, only Important and Critical severity vulnerabilities will be addressed at this time.
  • In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Serverless | knative-eventing | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-operator | Will not fix | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| Red Hat Ceph Storage 2 | golang | Out of support scope | | |
| Red Hat Ceph Storage 2 | grafana | Out of support scope | | |
| Red Hat Ceph Storage 3 | golang | Out of support scope | | |
| Red Hat Ceph Storage 3 | golang-github-prometheus-node_exporter | Out of support scope | | |
| Red Hat Ceph Storage 3 | grafana | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1989575 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

EPSS

Percentile: 6%
Score: 0.00028 (Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 4 years ago

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVSS3: 7.5
nvd
almost 4 years ago

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVSS3: 7.5
msrc
9 months ago

No description available

CVSS3: 7.5
debian
almost 4 years ago

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...

CVSS3: 7.5
github
about 3 years ago

Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 2 of 2).
