CVE-2022-23772 — Integer Overflow or Wraparound in GO

CWE-190 — Integer Overflow or Wraparound CWE-400 — Uncontrolled Resource Consumption9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 89.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Golang GO Debian Linux Paloalto Pan-os

Timeline

PublishedFeb 11

Latest updateNov 1

Description

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgolang/go1.17.0 — 1.17.7+1

▶Palo Altopaloalto/pan-os

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

Uncontrolled memory consumption in math/big↗2022-05-23

▶

GHSA

GHSA-q99m-p7hq-5v4f: Rat↗2022-02-12

▶

OSV

CVE-2022-23772: Rat↗2022-02-11

▶

CVEList

CVE-2022-23772: Rat↗2022-02-11

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-11-01

▶

Microsoft

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.↗2022-02-08

▶

Red Hat

golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString↗2022-01-19

▶

Debian

CVE-2022-23772: golang-1.15 - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an o...↗2022

▶