x/vulndb: potential Go vuln in std: CVE-2022-32189 #537

Closed
tatianab opened this issue Aug 1, 2022 · 3 comments
Comments

@tatianab
Contributor

tatianab commented Aug 1, 2022

Description

encoding/gob & math/big: decoding big.Float and big.Rat can panic

Decoding big.Float and big.Rat types can panic if the encoded message is too short.

Affected Modules, Packages, Versions and Symbols

Module: std
Package: math/big
Versions:
  - Fixed: 1.17.13
  - Introduced: 1.18.0
    Fixed: 1.18.5
Symbols:
  - Float.GobDecode
  - Rat.GobDecode

Does this vulnerability already have an associated CVE ID?

Yes

CVE ID

CVE-2022-32189

Credit

catenacyber

CWE ID

CWE-400 Uncontrolled Resource Consumption

Pull Request

https://go.dev/cl/417774

Commit

https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66

References

Additional information

No response
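As an added example of the defensive side of this report (not code from the report or from the Go project), `DecodeSafely` wraps `GobDecode` on untrusted bytes so that a panic inside the decoder surfaces as an error, and the two helpers show a round trip succeeding while truncated `big.Rat` and `big.Float` messages are rejected; the names `DecodeSafely`, `RoundTripRat` and `TruncatedRejected` are chosen here.

```go
package main

import (
	"encoding/gob"
	"fmt"
	"math/big"
)

// DecodeSafely runs dst.GobDecode on untrusted bytes and turns a panic in the
// decoder (the pre-fix behaviour on a too-short message) into an error. On
// Go 1.17.13 / 1.18.5 and later the decoder itself rejects short input.
func DecodeSafely(dst gob.GobDecoder, buf []byte) (err error) {
	defer func() {
		if p := recover(); p != nil {
			err = fmt.Errorf("GobDecode panicked on %d-byte input: %v", len(buf), p)
		}
	}()
	return dst.GobDecode(buf)
}

// RoundTripRat encodes r, decodes the bytes with DecodeSafely and reports
// whether the decoded value equals the original.
func RoundTripRat(r *big.Rat) (bool, error) {
	enc, err := r.GobEncode()
	if err != nil {
		return false, err
	}
	var out big.Rat
	if err := DecodeSafely(&out, enc); err != nil {
		return false, err
	}
	return out.Cmp(r) == 0, nil
}

// TruncatedRejected encodes v, keeps only the first n bytes (1 <= n < len)
// and reports whether decoding that fragment into dst fails with an error.
// An empty buffer is excluded: the decoders legitimately read it as zero.
func TruncatedRejected(v gob.GobEncoder, dst gob.GobDecoder, n int) bool {
	enc, err := v.GobEncode()
	if err != nil || n < 1 || n >= len(enc) {
		return false
	}
	return DecodeSafely(dst, enc[:n]) != nil
}

func main() {
	ok, err := RoundTripRat(big.NewRat(3, 4))
	fmt.Println("round trip 3/4:", ok, err)
	fmt.Println("truncated Rat rejected:", TruncatedRejected(big.NewRat(3, 4), new(big.Rat), 5))
	fmt.Println("truncated Float rejected:", TruncatedRejected(big.NewFloat(1.5), new(big.Float), 4))
}
```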

@tatianab
Contributor Author

tatianab commented Aug 1, 2022

issue: golang/go#53871

@gopherbot
Contributor

Change https://go.dev/cl/420657 mentions this issue: x/vulndb: add reports/GO-2022-0537.yaml for CVE-2022-32189

gopherbot pushed a commit that referenced this issue Aug 1, 2022
Updates #537

Change-Id: I25c9b6f4b53e2a1148bad01b13f73fa3cded3478
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/420657
Reviewed-by: Damien Neil <dneil@google.com>
@tatianab
Contributor Author

tatianab commented Aug 9, 2022

requested CVE record
