]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: eb7aa09) | patch
go: fix CVE-2022-23772
authorMinjae Kim <flowergom@gmail.com>
Sat, 26 Feb 2022 20:55:35 +0000 (20:55 +0000)
committerSteve Sakoman <steve@sakoman.com>
Mon, 28 Feb 2022 14:00:48 +0000 (04:00 -1000)
commite4d15040f62744265b9236ad7276f3371a9172da
tree48b9d1e1427883742badbcd8f446957d3bb7e4e3tree | snapshot
parenteb7aa0929ecd712aeeec0ff37dfb77c3da33b375commit | diff
go: fix CVE-2022-23772

math/big: prevent large memory consumption in Rat.SetString

An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.

Upstream-Status: Backport [https://go.dev/issue/50699]
CVE: CVE-2022-23772
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/go/go-1.14.inc diff | blob | history
meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch [new file with mode: 0644] blob
Mirror of the official openembedded-core repository