CVE-2022-32189

EUVD-2022-53401
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.17.13
golanggo
1.18.0 ≤
𝑥
< 1.18.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
vulnerable
buster
postponed
golang-1.19
bookworm
1.19.8-2
fixed
bullseye
no-dsa
buster
postponed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
bionic
dne
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
golang-1.10
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
needs-triage
xenial
needs-triage
golang-1.13
bionic
Fixed 1.13.8-1ubuntu1~18.04.4+esm1
released
focal
Fixed 1.13.8-1ubuntu1.2
released
jammy
Fixed 1.13.8-1ubuntu2.22.04.2
released
kinetic
ignored
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
Fixed 1.13.8-1ubuntu1~16.04.3+esm3
released
golang-1.14
bionic
dne
focal
needs-triage
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
golang-1.15
bionic
dne
focal
dne
trusty
dne
xenial
dne
golang-1.16
bionic
Fixed 1.16.2-0ubuntu1~18.04.2+esm1
released
focal
Fixed 1.16.2-0ubuntu1~20.04.1
released
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
ignored
golang-1.17
bionic
dne
focal
dne
jammy
needs-triage
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
ignored
golang-1.18
bionic
Fixed 1.18.1-1ubuntu1~18.04.4
released
focal
Fixed 1.18.1-1ubuntu1~20.04.2
released
jammy
Fixed 1.18.1-1ubuntu1.1
released
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
Fixed 1.18.1-1ubuntu1~16.04.4
released
golang-1.6
bionic
dne
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
needs-triage
golang-1.8
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
golang-1.9
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
References
https://go.dev/cl/417774
https://go.dev/issue/53871
https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
https://pkg.go.dev/vuln/GO-2022-0537
https://go.dev/cl/417774
https://go.dev/issue/53871
https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
https://pkg.go.dev/vuln/GO-2022-0537