CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Percentile: 78.9%

Issue Overview:
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)
A flaw was found in the elliptic package of the crypto library in golang, where the IsOnCurve function could return true for invalid field elements. An attacker can take advantage of this undefined behavior to affect the availability and integrity of the resource. (CVE-2022-23806)
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
New Packages:
i686:
golang-bin-1.16.15-1.38.amzn1.i686
golang-shared-1.16.15-1.38.amzn1.i686
golang-1.16.15-1.38.amzn1.i686
noarch:
golang-tests-1.16.15-1.38.amzn1.noarch
golang-src-1.16.15-1.38.amzn1.noarch
golang-docs-1.16.15-1.38.amzn1.noarch
golang-misc-1.16.15-1.38.amzn1.noarch
src:
golang-1.16.15-1.38.amzn1.src
x86_64:
golang-bin-1.16.15-1.38.amzn1.x86_64
golang-race-1.16.15-1.38.amzn1.x86_64
golang-shared-1.16.15-1.38.amzn1.x86_64
golang-1.16.15-1.38.amzn1.x86_64
Red Hat: CVE-2022-23772, CVE-2022-23773, CVE-2022-23806
Mitre: CVE-2022-23772, CVE-2022-23773, CVE-2022-23806
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | golang-bin | < 1.16.15-1.38.amzn1 | golang-bin-1.16.15-1.38.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | golang-shared | < 1.16.15-1.38.amzn1 | golang-shared-1.16.15-1.38.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | golang | < 1.16.15-1.38.amzn1 | golang-1.16.15-1.38.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | golang-tests | < 1.16.15-1.38.amzn1 | golang-tests-1.16.15-1.38.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | golang-src | < 1.16.15-1.38.amzn1 | golang-src-1.16.15-1.38.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | golang-docs | < 1.16.15-1.38.amzn1 | golang-docs-1.16.15-1.38.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | golang-misc | < 1.16.15-1.38.amzn1 | golang-misc-1.16.15-1.38.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | golang-bin | < 1.16.15-1.38.amzn1 | golang-bin-1.16.15-1.38.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | golang-race | < 1.16.15-1.38.amzn1 | golang-race-1.16.15-1.38.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | golang-shared | < 1.16.15-1.38.amzn1 | golang-shared-1.16.15-1.38.amzn1.x86_64.rpm |