CVE-2022-32189

Public on 2022-08-10

Modified on 2024-04-08

Description

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

Severity

Medium

CVSS v3 Base Score

5.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	golang	2023-04-13	ALAS-2023-1731	Fixed
Amazon Linux 2 - Core	golang	2022-09-15	ALAS2-2022-1846	Fixed
Amazon Linux 2023	golang	2023-02-17	ALAS2023-2023-048	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.3	AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/
NVD	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2022-32189 Mitre: CVE-2022-32189