Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-32189

Опубликовано: 01 авг. 2022
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.

Отчет

This flaw stems from a particular and specific method (GoBDecode) which isn't commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-rhel8Out of support scope
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-controller-rhel9Affected
mirror registry for Red Hat OpenShiftmirror-registry-containerAffected
Node HealthCheck Operatorworkload-availability/node-healthcheck-rhel8-operatorAffected
Node Maintenance Operatorworkload-availability/node-maintenance-rhel8-operatorAffected
OpenShift API for Data Protectionoadp/oadp-velero-rhel8Out of support scope
OpenShift Developer Tools and ServiceshelmFix deferred
OpenShift Developer Tools and Servicesocp-tools-4/jenkins-rhel8Out of support scope
OpenShift Developer Tools and ServicesodoAffected
OpenShift Pipelinesopenshift-pipelines-clientFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2113814golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

EPSS

Процентиль: 29%
0.00099
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-32189

CVSS3: 7.5
ubuntu
почти 3 года назад

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

nvd логотип

CVE-2022-32189

CVSS3: 7.5
nvd
почти 3 года назад

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

msrc логотип

CVE-2022-32189

CVSS3: 7.5
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-32189

CVSS3: 7.5
debian
почти 3 года назад

A too-short encoded message can cause a panic in Float.GobDecode and R ...

rocky логотип

RLSA-2022:7950

rocky
больше 2 лет назад

Low: Image Builder security, bug fix, and enhancement update

EPSS

Процентиль: 29%
0.00099
Низкий

6.5 Medium

CVSS3