PT-2022-21142 · Google+9 · Go+9
Catenacyber · Published 2022-08-01 · Updated 2025-01-17 · CVE-2022-32189
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Go versions prior to 1.17.13
Go versions prior to 1.18.5
Description
Decoding big.Float and big.Rat values can panic if the encoded message is too short, potentially allowing a denial of service. The panic occurs in Float.GobDecode and Rat.GobDecode in Go's math/big package.
Recommendations
For Go versions prior to 1.17.13, update to version 1.17.13 or later to resolve the issue.
For Go versions prior to 1.18.5, update to version 1.18.5 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of the Float.GobDecode and Rat.GobDecode functions until a patch is available.
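Where untrusted big.Float or big.Rat messages must still be decoded before the runtime can be upgraded, one way to contain the panic is a recover wrapper, sketched here as an added example (not code from this advisory or from the Go project). The helper names and the sample values 1.5 and 3/7 are assumptions made for illustration.

```go
package main

import (
	"encoding/gob"
	"fmt"
	"math/big"
)

// safeGobDecode (hypothetical helper) calls dst.GobDecode and turns a panic into an error.
func safeGobDecode(dst gob.GobDecoder, buf []byte) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("GobDecode panicked on %d-byte input: %v", len(buf), r)
		}
	}()
	return dst.GobDecode(buf)
}

// shortPrefixesRejected reports whether the first 1..4 bytes of enc all fail to decode.
func shortPrefixesRejected(fresh func() gob.GobDecoder, enc []byte) bool {
	ok := true
	for n := 1; n <= 4 && n < len(enc); n++ {
		ok = ok && safeGobDecode(fresh(), enc[:n]) != nil
	}
	return ok
}

// roundTripFloat encodes a constructed sample value and decodes it through the wrapper.
func roundTripFloat() (*big.Float, error) {
	enc, err := big.NewFloat(1.5).GobEncode()
	if err != nil {
		return nil, err
	}
	out := new(big.Float)
	return out, safeGobDecode(out, enc)
}

// checkShortInputs truncates constructed encodings of 1.5 and 3/7 and tries to decode them.
func checkShortInputs() (floatOK, ratOK bool) {
	fenc, _ := big.NewFloat(1.5).GobEncode()
	renc, _ := big.NewRat(3, 7).GobEncode()
	return shortPrefixesRejected(func() gob.GobDecoder { return new(big.Float) }, fenc),
		shortPrefixesRejected(func() gob.GobDecoder { return new(big.Rat) }, renc)
}

func main() {
	fmt.Println(roundTripFloat())
	fmt.Println(checkShortInputs())
}
```

On a fixed Go release the short inputs fail with the decoder's own error; on an affected release the wrapper reports the recovered panic as an error instead of letting the process exit.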
Affected Products
Alt Linux
Almalinux
Centos
Debian
Go
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu