First published: Thu Aug 06 2020

Go is vulnerable to a denial of service caused by an infinite read loop in `ReadUvarint` and `ReadVarint` in `encoding/binary`. By sending specially crafted input, a remote attacker could exploit this vulnerability to cause a denial-of-service condition.

Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/golang-1.11 | 1.11.6-1+deb10u4 1.11.6-1+deb10u7 | |
debian/golang-1.15 | 1.15.15-1~deb11u4 | |
redhat/ior | <0:1.1.11-2.el8 | 0:1.1.11-2.el8 |
redhat/servicemesh | <0:1.1.11-2.el8 | 0:1.1.11-2.el8 |
redhat/servicemesh-cni | <0:1.1.11-2.el8 | 0:1.1.11-2.el8 |
redhat/servicemesh-grafana | <0:6.4.3-19.el8 | 0:6.4.3-19.el8 |
redhat/servicemesh-operator | <0:1.1.11-3.el8 | 0:1.1.11-3.el8 |
redhat/servicemesh-prometheus | <0:2.14.0-20.el8 | 0:2.14.0-20.el8 |
redhat/go-toolset | <1.13-0:1.13.15-1.el7 | 1.13-0:1.13.15-1.el7 |
redhat/go-toolset | <1.13-golang-0:1.13.15-3.el7 | 1.13-golang-0:1.13.15-3.el7 |
redhat/faq | <0:0.0.6-5.el7 | 0:0.0.6-5.el7 |
redhat/openshift | <0:4.4.0-202011130111.p0.git.0.4861dfa.el7 | 0:4.4.0-202011130111.p0.git.0.4861dfa.el7 |
redhat/openshift-clients | <0:4.4.0-202011122017.p0.git.3445.6937a03.el7 | 0:4.4.0-202011122017.p0.git.3445.6937a03.el7 |
redhat/atomic-enterprise-service-catalog | <1:4.5.0-202010081312.p0.git.1808.498e523.el7 | 1:4.5.0-202010081312.p0.git.1808.498e523.el7 |
redhat/atomic-openshift-service-idler | <0:4.5.0-202010081312.p0.git.15.d7814b2.el7 | 0:4.5.0-202010081312.p0.git.15.d7814b2.el7 |
redhat/cri-o | <0:1.18.4-4.rhaos4.5.git6dee389.el8 | 0:1.18.4-4.rhaos4.5.git6dee389.el8 |
redhat/apb | <0:2.0.3-3.el7 | 0:2.0.3-3.el7 |
redhat/buildah | <0:1.11.6-9.rhaos4.5.el8 | 0:1.11.6-9.rhaos4.5.el8 |
redhat/containernetworking-plugins | <0:0.8.6-2.rhaos4.5.el8 | 0:0.8.6-2.rhaos4.5.el8 |
redhat/cri-o | <0:1.18.4-7.rhaos4.5.git572d9f7.el7 | 0:1.18.4-7.rhaos4.5.git572d9f7.el7 |
redhat/cri-tools | <0:1.18.0-4.el8 | 0:1.18.0-4.el8 |
redhat/golang-github-prometheus-promu | <0:0.5.0-3.git642a960.el7 | 0:0.5.0-3.git642a960.el7 |
redhat/openshift | <0:4.5.0-202102261511.p0.git.0.f0229b9.el8 | 0:4.5.0-202102261511.p0.git.0.f0229b9.el8 |
redhat/ignition | <0:0.35.1-12.rhaos4.5.gitb4d18ad.el8 | 0:0.35.1-12.rhaos4.5.gitb4d18ad.el8 |
redhat/kubefed-client | <0:4.5.0-202002271711.git.2.3bd46d6.el7 | 0:4.5.0-202002271711.git.2.3bd46d6.el7 |
redhat/openshift-eventrouter | <0:0.2-5.git7c289cc.el7 | 0:0.2-5.git7c289cc.el7 |
redhat/podman | <0:1.9.3-2.rhaos4.5.el8 | 0:1.9.3-2.rhaos4.5.el8 |
redhat/skopeo | <1:1.1.1-2.rhaos4.5.el8 | 1:1.1.1-2.rhaos4.5.el8 |
redhat/machine-config-daemon | <0:4.5.0-202012050338.p0.git.2581.e7a62a7.el8 | 0:4.5.0-202012050338.p0.git.2581.e7a62a7.el8 |
redhat/ignition | <0:2.6.0-5.rhaos4.6.git947598e.el8 | 0:2.6.0-5.rhaos4.6.git947598e.el8 |
redhat/openshift | <0:4.6.0-202010022112.p0.git.94033.ef41184.el7 | 0:4.6.0-202010022112.p0.git.94033.ef41184.el7 |
redhat/openshift-clients | <0:4.6.0-202010081244.p0.git.3794.4743d24.el7 | 0:4.6.0-202010081244.p0.git.3794.4743d24.el7 |
redhat/podman | <0:1.9.3-3.rhaos4.6.el8 | 0:1.9.3-3.rhaos4.6.el8 |
redhat/runc | <0:1.0.0-81.rhaos4.6.git5b757d4.el8 | 0:1.0.0-81.rhaos4.6.git5b757d4.el8 |
redhat/faq | <0:0.0.6-5.el8 | 0:0.0.6-5.el8 |
redhat/skopeo | <1:1.1.1-3.rhaos4.6.el8 | 1:1.1.1-3.rhaos4.6.el8 |
redhat/openshift-eventrouter | <0:0.2-6.git7c289cc.el8 | 0:0.2-6.git7c289cc.el8 |
redhat/cri-o | <0:1.20.2-12.rhaos4.7.git9f7be76.el7 | 0:1.20.2-12.rhaos4.7.git9f7be76.el7 |
redhat/cri-tools | <0:1.20.0-3.el7 | 0:1.20.0-3.el7 |
redhat/jenkins | <2-plugins-0:4.7.1621361158-1.el8 | 2-plugins-0:4.7.1621361158-1.el8 |
redhat/redhat-release-coreos | <0:47.83-2.el8 | 0:47.83-2.el8 |
redhat/golang-github-prometheus-promu | <0:0.5.0-3.git642a960.el8 | 0:0.5.0-3.git642a960.el8 |
redhat/mcg | <0:5.6.0-39.2279a46.5.6.el8 | 0:5.6.0-39.2279a46.5.6.el8 |
redhat/kubevirt | <0:4.9.0-287.el8 | 0:4.9.0-287.el8 |
Golang Go | <1.13.15 | |
Golang Go | >=1.14 <1.14.7 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
redhat/Go | <1.14.7 | 1.14.7 |
redhat/Go | <1.13.15 | 1.13.15 |
redhat/Go | <1.15 | 1.15 |
IBM Security Guardium Insights | <=2.0.2 | |