PT-2022-3207 · Go+6

Published 2022-01-20 · Updated 2024-06-15 · CVE-2022-23772

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.16.14
Go versions 1.17.x prior to 1.17.7

Description

The issue is in the implementation of the SetString() method of the Rat type in the math/big package of the Go programming language and is associated with resource exhaustion. The problem is caused by an overflow that can lead to uncontrolled memory consumption. Exploitation of this issue can allow a remote attacker to cause a denial of service.

Recommendations

For Go versions prior to 1.16.14, update to version 1.16.14 or later.
For Go versions 1.17.x prior to 1.17.7, update to version 1.17.7 or later.
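
One way to check a Go toolchain version string against the affected ranges listed above, as an added example that is not part of the original advisory or of the Go project. The function name `Affected` is an assumption, and versions from 1.18 on are reported as unaffected only because the advisory lists no range for them.

```go
package main

import (
	"fmt"
	"regexp"
	"runtime"
	"strconv"
)

// goVersionRE matches release strings as returned by runtime.Version(),
// e.g. "go1.17.6", "go1.16" or the pre-release form "go1.17rc1".
var goVersionRE = regexp.MustCompile(`^go1\.(\d{1,4})(?:\.(\d{1,4}))?(?:(?:rc|beta)\d+)?$`)

// Affected (hypothetical helper) reports whether version falls inside the
// advisory's ranges: anything before 1.16.14, and 1.17.x before 1.17.7.
func Affected(version string) (bool, error) {
	m := goVersionRE.FindStringSubmatch(version)
	if m == nil {
		// Development builds and vendor-suffixed strings need manual review.
		return false, fmt.Errorf("unrecognized Go version %q", version)
	}
	minor, _ := strconv.Atoi(m[1])
	patch := 0 // "go1.17" and pre-releases carry no patch number
	if m[2] != "" {
		patch, _ = strconv.Atoi(m[2])
	}
	switch {
	case minor > 17:
		return false, nil
	case minor == 17:
		return patch < 7, nil
	case minor == 16:
		return patch < 14, nil
	default:
		return true, nil // 1.15 and older never received the fix
	}
}

func main() {
	v := runtime.Version() // toolchain that built this binary
	hit, err := Affected(v)
	if err != nil {
		fmt.Println("cannot classify:", err)
		return
	}
	fmt.Printf("%s in range for CVE-2022-23772: %v\n", v, hit)
}
```

Distribution packages may backport the fix without changing the upstream version number, so a positive result on a vendor build should be checked against the vendor advisory.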

Fix

Resource Exhaustion

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:1819
ALT-PU-2022-1265
ALT-PU-2022-1283
ALT-PU-2022-1435
ALT-PU-2022-2873
AZL-8512
BDU:2022-03899
BIT-GOLANG-2022-23772
CESA-2022_1819
CVE-2022-23772
DLA-2985-1
DLA-2986-1
GO-2021-0317
MGASA-2022-0091
OESA-2022-1585
OPENSUSE-SU-2022:0723-1
OPENSUSE-SU-2022:0724-1
OPENSUSE-SU-2022_0723-1
OPENSUSE-SU-2022_0724-1
OPENSUSE-SU-2024:11843-1
OPENSUSE-SU-2024:11844-1
RHSA-2022:1819
RHSA-2022:4860
RHSA-2022:5004
RHSA-2022:5068
RHSA-2022:6155
RHSA-2022_1819
RHSA-2023:3914
RHSA-2024:5754
RHSA-2024:6412
RLSA-2022:1819
SUSE-SU-2022:0723-1
SUSE-SU-2022:0724-1
SUSE-SU-2022_0723-1
SUSE-SU-2022_0724-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Go
Red Hat
Rocky Linux
SUSE