Quim Muntal

**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.17.11 Go versions prior to 1.18.3 **Description** The issue is related to an infinite loop in the Read function of the crypto/rand package in Go. This allows an attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. The problem is specific to Windows. **Recommendations** For Go versions prior to 1.17.11, update to version 1.17.11 or later to resolve the issue. For Go versions prior to 1.18.3, update to version 1.18.3 or later to resolve the issue.