reports: add GO-2021-0242 for CVE-2021-33198
Fixes golang/vulndb#242
Change-Id: I36dcbf32890f0e1998b210225ea4a1db8e873615
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377374
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/reports/GO-2021-0242.yaml b/reports/GO-2021-0242.yaml
new file mode 100644
index 0000000..3cbe474
--- /dev/null
+++ b/reports/GO-2021-0242.yaml
@@ -0,0 +1,23 @@
+module: std
+package: math/big
+versions:
+- fixed: go1.15.13
+- fixed: go1.16.5
+- fixed: go1.17.0
+description: |
+ Rat.SetString and Rat.UnmarshalText may cause a panic or an
+ unrecoverable fatal error if passed inputs with very large
+ exponents.
+cves:
+- CVE-2021-33198
+credit: |
+ the OSS-Fuzz project for discovering this issue and to Emmanuel
+ Odeke for reporting it
+symbols:
+- Rat.SetString
+links:
+ pr: https://go.dev/cl/316149
+ commit: https://go.googlesource.com/go/+/6c591f79b0b5327549bd4e94970f7a279efb4ab0
+ context:
+ - https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ - https://go.dev/issue/45910
