Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 8 MGASA-2022-0283 Critical: GoLang Panic Denial Of Service

mageia
Calendar Grey August 13, 2022
Dist Mageia Esm H88
Revised Go packages address serious security flaw impacting Mageia 8. Patches released on August 13, 2022.
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service

Summary

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)

References

- https://bugs.mageia.org/show_bug.cgi?id=30709

- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011802.html

- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011804.html

-

-

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UH4RHZUO6LPJKGF2UZSD2UZOCIGHUI5E/

- https://www.cve.org/CVERecord?id=CVE-2022-32189

Topics%20covered

Topics Covered

security advisory denial of service golang mageia panic issue

Resolution

SRPMS

- 8/core/golang-1.17.13-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 13 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0283.html
Type: security
CVE: CVE-2022-32189

Topics%20covered

Topics Covered

security advisory denial of service golang mageia panic issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here