Bug 2113814 (CVE-2022-32189)
| Summary: | CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | abishop, adudiak, agerstmayr, akashem, alakatos, amackenz, amasferr, amurdaca, ansmith, aoconnor, apevec, asm, ataylor, bbaude, bbennett, bbuckingham, bcl, bcoca, bcourt, bdettelb, bkundu, bmontgom, bniver, bodavis, chazlett, chousekn, cmeyers, davidn, dbenoit, dcadzow, debarshir, deparker, dkenigsb, dornelas, dwalsh, dwd, dwhatley, dymurray, eduardo.ramalho, eglynn, ehelms, emachado, eparis, fdeutsch, flucifre, gblomqui, gmeno, gparvin, grafana-maint, ibolton, jaharrin, jburrell, jcajka, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmatthew, jmontleo, jnovy, jobarker, jpadman, jramanat, jross, jsherril, jwendell, jwon, lball, lemenkov, lhh, lmadsen, lmeyer, lsm5, lzap, mabashia, matzew, maxwell, mbenjamin, mburns, mcressma, mfojtik, mgarciac, mhackett, mheon, mhulan, mkudlej, mmagr, mmccune, mnewsome, mrunge, mrussell, mwringe, nathans, nboldt, njean, nmoumoul, nobody, notting, nstielau, ocs-bugs, orabin, oramraz, osapryki, osbuilders, oskutka, pahickey, pcreech, pehunt, periklis, pjindal, ploffay, pthomas, rcernich, rchan, relrod, rhcos-sst, rhcos-triage, rhos-maint, rhuss, rkieley, rpetrell, rphillips, rsroka, saroy, scorneli, sdoran, sgott, sipoyare, slucidi, smcdonal, smullick, sostapov, sponnaga, spower, sseago, stcannon, tfister, tjochec, tkuratom, tstellar, tsweeney, twalsh, umohnani, vereddy, vkumar, whayutin, xxia, ytale |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | golang 1.17.13, golang 1.18.5 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-18 19:12:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2113951, 2118439, 2113815, 2113816, 2115724, 2115725, 2115726, 2115727, 2116750, 2116751, 2116752, 2116753, 2116754, 2116755, 2116756, 2116757, 2116758, 2116759, 2116760, 2116761, 2116762, 2116763, 2116764, 2116765, 2116766, 2116767, 2116768, 2116769, 2116770, 2116771, 2116772, 2116773, 2116774, 2116775, 2116776, 2116777, 2116778, 2116779, 2116780, 2116781, 2116782, 2116783, 2116784, 2116785, 2116786, 2116787, 2118437, 2118438, 2118440, 2118441, 2118442, 2118443, 2118444, 2118445, 2118446, 2118447, 2118448, 2118449, 2118450, 2118451, 2118452, 2118453, 2118454, 2118455, 2118456, 2118457, 2134427, 2134428, 2168805 | ||
| Bug Blocks: | 2113817 | ||
|
Description
TEJ RATHI
2022-08-02 05:21:23 UTC
Created golang tracking bugs for this issue: Affects: epel-all [bug 2113816] Affects: fedora-all [bug 2113815] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7129 https://access.redhat.com/errata/RHSA-2022:7129 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7548 https://access.redhat.com/errata/RHSA-2022:7548 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7950 https://access.redhat.com/errata/RHSA-2022:7950 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8534 https://access.redhat.com/errata/RHSA-2022:8534 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8535 https://access.redhat.com/errata/RHSA-2022:8535 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Ironic content for Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8626 https://access.redhat.com/errata/RHSA-2022:8626 This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398 This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.3 for RHEL 8 Via RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542 This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Red Hat OpenStack Platform 16.2 Via RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275 This issue has been addressed in the following products: STF-1.5-RHEL-8 Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2193 https://access.redhat.com/errata/RHSA-2023:2193 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2236 https://access.redhat.com/errata/RHSA-2023:2236 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802 This issue has been addressed in the following products: RHEL-9-CNV-4.13 RHEL-7-CNV-4.13 RHEL-8-CNV-4.13 Via RHSA-2023:3204 https://access.redhat.com/errata/RHSA-2023:3204 This issue has been addressed in the following products: RHEL-9-CNV-4.13 Via RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205 This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32189 This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642 This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742 |