Hide Forgot
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. References: https://go.dev/issue/53871 https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU Upstream Commits: Master : https://github.com/golang/go/commit/055113ef364337607e3e72ed7d48df67fde6fc66 Branch.go1.17 : https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102 Branch.go1.18 : https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349
Created golang tracking bugs for this issue: Affects: epel-all [bug 2113816] Affects: fedora-all [bug 2113815]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7129 https://access.redhat.com/errata/RHSA-2022:7129
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7548 https://access.redhat.com/errata/RHSA-2022:7548
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7950 https://access.redhat.com/errata/RHSA-2022:7950
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8534 https://access.redhat.com/errata/RHSA-2022:8534
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8535 https://access.redhat.com/errata/RHSA-2022:8535
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Ironic content for Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:8626 https://access.redhat.com/errata/RHSA-2022:8626
This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.3 for RHEL 8 Via RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Red Hat OpenStack Platform 16.2 Via RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275