CVE-2022-32189

Published: Aug 9, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

Vendor	Product	Versions
Go standard library	math/big	affected `0 - < 1.17.13` affected `1.18.0-0 - < 1.18.5`

References

https://go.dev/cl/417774

https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66

https://go.dev/issue/53871

https://groups.google.com/g/golang-announce/c/YqYYG87xB10

https://pkg.go.dev/vuln/GO-2022-0537

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-32189

Description

Affected Products

References