зеркало из https://github.com/golang/vulndb.git
28 строки
860 B
YAML
28 строки
860 B
YAML
modules:
|
|
- module: std
|
|
versions:
|
|
- fixed: 1.15.13
|
|
- introduced: 1.16.0
|
|
fixed: 1.16.5
|
|
vulnerable_at: 1.16.4
|
|
packages:
|
|
- package: math/big
|
|
symbols:
|
|
- Rat.SetString
|
|
skip_fix: 'TODO: revisit this reason (fix appears to not work with Go <1.18)'
|
|
description: |
|
|
Rat.SetString and Rat.UnmarshalText may cause a panic or an
|
|
unrecoverable fatal error if passed inputs with very large
|
|
exponents.
|
|
published: 2022-02-17T17:33:07Z
|
|
cves:
|
|
- CVE-2021-33198
|
|
credit: |
|
|
the OSS-Fuzz project for discovering this issue and to Emmanuel
|
|
Odeke for reporting it
|
|
references:
|
|
- fix: https://go.dev/cl/316149
|
|
- fix: https://go.googlesource.com/go/+/6c591f79b0b5327549bd4e94970f7a279efb4ab0
|
|
- web: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
|
|
- report: https://go.dev/issue/45910
|