发布时间: 2022年8月13日
修改时间: 2025年1月17日
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.References:https://go.dev/issue/53871https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wUUpstream Commits:Master : https://github.com/golang/go/commit/055113ef364337607e3e72ed7d48df67fde6fc66Branch.go1.17 : https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102Branch.go1.18 : https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 7.5 | 6.5 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | Required |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1943 | golang security update | 2022年8月13日 |
| KylinSec-SA-2025-1138 | podman security update | 2025年2月28日 |
| KylinSec-SA-2025-1606 | podman security update | 2025年3月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | golang | Fixed |
| KY3.4-5A | golang | Fixed |
| KY3.5.1 | golang | Fixed |
| V6 | golang | Fixed |
| KY3.5.3 | golang | Fixed |
