Bug 1897635 (CVE-2020-28362) - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
Summary: CVE-2020-28362 golang: math/big: panic during recursive division of very larg...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-28362
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1897636 1897637 1898659 1898660 1898820 1898829 1898835 1898955 1899185 1902915 1902916 1902917 1902918 1902919 1902920 1902921 1902922 1902923 1902924 1902926 1902927 1902928 1905509 1905510 1905511 1905512 1905513 1905514 1905515 1905516 1905517 1905518 1905520 1905521 1905522 1905523 1905524 1905525 1905526 1905527 1905528 1905529 1905530 1905531 1905533 1905534 1905535 1905536 1905537 1905538 1905539 1905540 1906015 1906016 1906017 1906018 1906019 1906020 1913515 1914054 1914055 1914058 1914059 1916004 1916187 1916953 1934654 1934655 1934657 1934658 1934659 1934660 1934661 1934662 1934663 1935187 1935188 1935189 1935190 1935191 1935192 1935200 1935203
Blocks: 1897651
TreeView+ depends on / blocked
 
Reported: 2020-11-13 17:02 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-10-09 11:33 UTC (History)
104 users (show)

See Also:
Fixed In Version: go 1.15.5, go 1.14.12
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2020-12-15 22:19:14 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:5333 0 None None None 2020-12-03 11:19:27 UTC
Red Hat Product Errata RHSA-2020:5493 0 None None None 2020-12-15 17:06:29 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:10:28 UTC
Red Hat Product Errata RHSA-2021:0037 0 None None None 2021-01-18 17:57:15 UTC
Red Hat Product Errata RHSA-2021:0038 0 None None None 2021-01-18 16:03:21 UTC
Red Hat Product Errata RHSA-2021:0039 0 None None None 2021-01-18 17:34:16 UTC
Red Hat Product Errata RHSA-2021:0145 0 None None None 2021-01-14 13:38:57 UTC
Red Hat Product Errata RHSA-2021:0146 0 None None None 2021-01-14 16:30:46 UTC
Red Hat Product Errata RHSA-2021:0436 0 None None None 2021-02-16 13:16:35 UTC
Red Hat Product Errata RHSA-2021:0568 0 None None None 2021-02-16 09:18:54 UTC
Red Hat Product Errata RHSA-2021:0799 0 None None None 2021-03-10 11:15:54 UTC
Red Hat Product Errata RHSA-2021:2532 0 None None None 2021-06-23 15:38:04 UTC
Red Hat Product Errata RHSA-2021:2543 0 None None None 2021-06-24 15:19:58 UTC

Description Guilherme de Almeida Suckevicz 2020-11-13 17:02:38 UTC 
A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on 64-bit architectures). Multiple math/big.Rat methods are similarly affected.

References:
https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
https://github.com/golang/go/issues/42552
Comment 1 Guilherme de Almeida Suckevicz 2020-11-13 17:03:16 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 1897637]
Affects: fedora-all [bug 1897636]
Comment 3 Przemyslaw Roguski 2020-11-19 16:12:48 UTC 
Upstream commit with fix:
https://github.com/golang/go/commit/1e1fa5903b760c6714ba17e50bf850b01f49135c
Comment 12 errata-xmlrpc 2020-12-03 11:19:46 UTC 
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2020:5333 https://access.redhat.com/errata/RHSA-2020:5333
Comment 23 Sage McTaggart 2020-12-15 15:13:48 UTC 
Statement:

OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.
Openshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.

Red Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.

OpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.
Comment 24 errata-xmlrpc 2020-12-15 17:06:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5493 https://access.redhat.com/errata/RHSA-2020:5493
Comment 25 Product Security DevOps Team 2020-12-15 22:19:14 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-28362
Comment 26 errata-xmlrpc 2021-01-14 13:38:53 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2021:0145 https://access.redhat.com/errata/RHSA-2021:0145
Comment 27 errata-xmlrpc 2021-01-14 16:31:20 UTC 
This issue has been addressed in the following products:

  Openshift Serveless 1.12

Via RHSA-2021:0146 https://access.redhat.com/errata/RHSA-2021:0146
Comment 28 errata-xmlrpc 2021-01-18 16:03:56 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:0038 https://access.redhat.com/errata/RHSA-2021:0038
Comment 29 errata-xmlrpc 2021-01-18 17:34:13 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:0039 https://access.redhat.com/errata/RHSA-2021:0039
Comment 30 errata-xmlrpc 2021-01-18 17:57:09 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:0037 https://access.redhat.com/errata/RHSA-2021:0037
Comment 31 errata-xmlrpc 2021-02-16 09:18:42 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:0568 https://access.redhat.com/errata/RHSA-2021:0568
Comment 32 errata-xmlrpc 2021-02-16 13:16:29 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:0436 https://access.redhat.com/errata/RHSA-2021:0436
Comment 35 errata-xmlrpc 2021-02-24 15:10:22 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2020:5633 https://access.redhat.com/errata/RHSA-2020:5633
Comment 40 errata-xmlrpc 2021-03-10 11:15:46 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-2.6

Via RHSA-2021:0799 https://access.redhat.com/errata/RHSA-2021:0799
Comment 41 errata-xmlrpc 2021-05-04 19:33:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2021:1366 https://access.redhat.com/errata/RHSA-2021:1366
Comment 42 Siddharth Sharma 2021-05-10 17:54:13 UTC 
This bug will be shipped as part of next z-stream release 4.7.11 on May 19th, as 4.7.10 was dropped.
Comment 43 Siddharth Sharma 2021-05-10 17:57:19 UTC 
This bug will be shipped as part of next z-stream release 4.7.11 on May 19th, as 4.7.10 was dropped due to a blocker https://bugzilla.redhat.com/show_bug.cgi?id=1958518.
Comment 45 errata-xmlrpc 2021-05-19 09:14:40 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Storage 4.7.0 on RHEL-8

Via RHSA-2021:2041 https://access.redhat.com/errata/RHSA-2021:2041
Comment 46 errata-xmlrpc 2021-05-19 10:23:11 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Storage 4.7.0 on RHEL-8

Via RHSA-2021:2042 https://access.redhat.com/errata/RHSA-2021:2042
Comment 47 errata-xmlrpc 2021-05-19 15:00:59 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2021:1551 https://access.redhat.com/errata/RHSA-2021:1551
Comment 49 errata-xmlrpc 2021-06-23 15:37:51 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Jaeger 1.17

Via RHSA-2021:2532 https://access.redhat.com/errata/RHSA-2021:2532
Comment 50 errata-xmlrpc 2021-06-24 15:19:45 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Jaeger 1.20

Via RHSA-2021:2543 https://access.redhat.com/errata/RHSA-2021:2543
Note You need to log in before you can comment on or make changes to this bug.