Google Git
Sign in
go / vulndb / b93ae64bc2e9ea009dfec3a82f1f9ee0cc2ec1a5^! / .
commitb93ae64bc2e9ea009dfec3a82f1f9ee0cc2ec1a5[log] [tgz]
authorAria Thaker <ariathaker@gmail.com>Tue Mar 01 11:25:27 2022 -0800
committerJulie Qiu <julie@golang.org>Mon May 23 22:15:42 2022 +0000
tree192ae5368533276ac6e563b718b765e1ba0400d3
parent7d9aacc14278918f331b9c87d615e1c734a63d47 [diff]
reports: add GO-2021-0317 for CVE-2022-23772

Fixes golang/vulndb#317

Change-Id: Ib18eca39c9d7f94f0a73ac50204e3e4317aa7ac8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/388735
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/reports/GO-2021-0317.yaml b/reports/GO-2021-0317.yaml
new file mode 100644
index 0000000..46d3236
--- /dev/null
+++ b/reports/GO-2021-0317.yaml

@@ -0,0 +1,20 @@
+packages:
+  - module: std
+    package: math/big
+    symbols:
+      - Rat.SetString
+    versions:
+      - fixed: 1.16.14
+      - introduced: 1.17.0
+        fixed: 1.17.7
+description: |
+  Rat.SetString had an overflow issue that can lead to uncontrolled memory consumption.
+cves:
+  - CVE-2022-23772
+credit: Emmanuel Odeke
+links:
+  pr: https://go.dev/cl/379537
+  commit: https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78
+  context:
+    - https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+    - https://go.dev/issue/50699