Vulnerability Report: GO-2022-0537
standard library
- CVE-2022-32189
- Affects: math/big
- Published: Aug 01, 2022
- Modified: May 20, 2024
Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.
Affected Packages
- Go Versions: before go1.17.13, from go1.18.0-0 before go1.18.5
Aliases
References
- https://go.dev/cl/417774
- https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
- https://go.dev/issue/53871
- https://groups.google.com/g/golang-announce/c/YqYYG87xB10
- https://vuln.go.dev/ID/GO-2022-0537.json
Credits
- @catenacyber