Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
References
Link | Resource |
---|---|
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
09 Nov 2022, 21:51
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2022, 18:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
CWE | CWE-190 | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
28 Apr 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 16:08
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp kubernetes Monitoring Operator
Netapp cloud Insights Telegraf Agent Netapp Netapp storagegrid Netapp beegfs Csi Driver |
|
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ - Third Party Advisory |
25 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Feb 2022, 04:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.8
v3 : 7.5 |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
First Time |
Golang go
Golang |
|
CWE | CWE-400 |
11 Feb 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-11 01:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-23772
Mitre link : CVE-2022-23772
CVE.ORG link : CVE-2022-23772
JSON object : View
Products Affected
debian
- debian_linux
golang
- go
netapp
- beegfs_csi_driver
- storagegrid
- kubernetes_monitoring_operator
- cloud_insights_telegraf_agent
CWE
CWE-190
Integer Overflow or Wraparound