Vulnerability Report: GO-2021-0242
- CVE-2021-33198
- Affects: math/big
- Published: Feb 17, 2022
- Modified: Jun 12, 2023
Rat.SetString and Rat.UnmarshalText may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents.
Affected Packages
-
PathVersionsSymbols
-
before go1.15.13, from go1.16.0-0 before go1.16.5
Aliases
References
- https://go.dev/cl/316149
- https://go.googlesource.com/go/+/6c591f79b0b5327549bd4e94970f7a279efb4ab0
- https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
- https://go.dev/issue/45910
- https://vuln.go.dev/ID/GO-2021-0242.json
Credits
- The OSS-Fuzz project (discovery)Emmanuel Odeke (reporter)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.