Uncontrolled Memory Consumption Vulnerability in Go Programming Language
CVE-2022-23772

7.5HIGH

Key Information:

Vendor

Golang

Status
Go
Vendor
CVE Published:
11 February 2022

What is CVE-2022-23772?

The Go programming language contains an overflow vulnerability within the Rat.SetString function in the math/big package, which can lead to uncontrolled memory consumption. This issue arises before the versions 1.16.14 and 1.17.7. An attacker could exploit this vulnerability, potentially affecting application performance and resource management by consuming excessive memory.

References

https://lists.debian.org/debian-lts-announce/2022/04/msg0...
mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2022/04/msg0...
mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.