CVE-2021-33198 — Uncontrolled Resource Consumption in GO

CWE-400 — Uncontrolled Resource Consumption9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 91.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Golang GO Paloalto Pan-os

Timeline

PublishedAug 2

Latest updateNov 1

Description

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgolang/go1.16.0 — 1.16.5+1

▶Palo Altopaloalto/pan-os

Patches

Patch: groups.google.com ↗Patch: groups.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-q2pw-fq43-w78v: Go before 1↗2022-05-24

▶

OSV

Panic on inputs with large exponents in math/big↗2022-02-17

▶

OSV

CVE-2021-33198: In Go before 1↗2021-08-02

▶

CVEList

CVE-2021-33198: In Go before 1↗2021-08-02

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-11-01

▶

Microsoft

In Go before 1.15.13 and 1.16.x before 1.16.5 there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.↗2021-08-10

▶

Red Hat

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents↗2021-03-10

▶

Debian

CVE-2021-33198: golang-1.15 - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large ...↗2021

▶