CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.17.13
golanggo
1.18.0 ≤
𝑥
< 1.18.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
vulnerable
buster
postponed
golang-1.19
bookworm
1.19.8-2
fixed
bullseye
no-dsa
buster
postponed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
bionic
dne
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
golang-1.10
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
needs-triage
xenial
needs-triage
golang-1.13
bionic
Fixed 1.13.8-1ubuntu1~18.04.4+esm1
released
focal
Fixed 1.13.8-1ubuntu1.2
released
jammy
Fixed 1.13.8-1ubuntu2.22.04.2
released
kinetic
ignored
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
Fixed 1.13.8-1ubuntu1~16.04.3+esm3
released
golang-1.14
bionic
dne
focal
needs-triage
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
golang-1.15
bionic
dne
focal
dne
trusty
dne
xenial
dne
golang-1.16
bionic
Fixed 1.16.2-0ubuntu1~18.04.2+esm1
released
focal
Fixed 1.16.2-0ubuntu1~20.04.1
released
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
ignored
golang-1.17
bionic
dne
focal
dne
jammy
needs-triage
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
ignored
golang-1.18
bionic
Fixed 1.18.1-1ubuntu1~18.04.4
released
focal
Fixed 1.18.1-1ubuntu1~20.04.2
released
jammy
Fixed 1.18.1-1ubuntu1.1
released
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
Fixed 1.18.1-1ubuntu1~16.04.4
released
golang-1.6
bionic
dne
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
needs-triage
golang-1.8
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
golang-1.9
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
butane
RHEL 9
0:0.16.0-1.el9
fixed
git-lfs
RHEL 9
0:3.2.0-1.el9
fixed
golang
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-bin
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-docs
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-misc
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-race
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-src
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-tests
RHEL 9
0:1.18.9-1.el9_1
fixed
toolbox
RHEL 9
0:0.0.99.3-9.el9
fixed
toolbox-tests
RHEL 9
0:0.0.99.3-9.el9
fixed
weldr-client
RHEL 9
0:35.5-4.el9
fixed
References
https://go.dev/cl/417774
https://go.dev/issue/53871
https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
https://pkg.go.dev/vuln/GO-2022-0537
https://go.dev/cl/417774
https://go.dev/issue/53871
https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
https://pkg.go.dev/vuln/GO-2022-0537