Unrated severity · NVD Advisory · Published Aug 9, 2022 · Updated Aug 3, 2024
Panic when decoding Float and Rat types in math/big
CVE-2022-32189
Description
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
Affected products
67
- osv-coords, 66 versions: < 1.17.13 + 65 more
- Go standard library/math/big · v5 · Range: 0
Patches
0
No patches discovered yet.
References
5
News mentions
0
No linked articles in our index yet.