Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-23772

Опубликовано: 19 янв. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.

Отчет

Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Migration Toolkit for ContainerscpmaAffected
Migration Toolkit for Containersrhmtc/openshift-migration-velero-rhel8Affected
OpenShift ServerlessCLIAffected
OpenShift Serverlessknative-eventingAffected
OpenShift Service Mesh 2.0servicemeshWill not fix
OpenShift Service Mesh 2.0servicemesh-grafanaWill not fix
OpenShift Service Mesh 2.1servicemesh-grafanaWill not fix
Red Hat Ceph Storage 2golangOut of support scope
Red Hat Ceph Storage 2grafanaOut of support scope
Red Hat Ceph Storage 3golangOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2053532golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

EPSS

Процентиль: 3%
0.00017
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-23772

CVSS3: 7.5
ubuntu
больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

nvd логотип

CVE-2022-23772

CVSS3: 7.5
nvd
больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

msrc логотип

CVE-2022-23772

CVSS3: 7.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-23772

CVSS3: 7.5
debian
больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...

github логотип

GHSA-q99m-p7hq-5v4f

CVSS3: 7.5
github
больше 3 лет назад

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

EPSS

Процентиль: 3%
0.00017
Низкий

7.5 High

CVSS3