CVSS2: 5.1 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.016 Low
Percentile: 87.3%

The Go project reports:

A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem,
QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD) can panic
when provided crafted large inputs. For the panic to happen,
the divisor or modulo argument must be larger than 3168 bits
(on 32-bit architectures) or 6336 bits (on 64-bit architectures).
Multiple math/big.Rat methods are similarly affected.

The go command may execute arbitrary code at build time when
cgo is in use. This may occur when running go get on a malicious
package, or any other command that builds untrusted code. This
can be caused by malicious gcc flags specified via a #cgo
directive.

The go command may execute arbitrary code at build time when
cgo is in use. This may occur when running go get on a malicious
package, or any other command that builds untrusted code. This
can be caused by malicious unquoted symbol names.
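
An added example, not code from the Go project or this advisory: a defence-in-depth guard for code that passes an untrusted divisor or modulus to math/big, rejecting values above the bit lengths quoted above before the call and converting any remaining panic into an error. `CheckedMod`, `maxDivisorBits` and the error names are hypothetical, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"math/bits"
)

var (
	ErrZeroDivisor     = errors.New("divisor is zero")
	ErrDivisorTooLarge = errors.New("divisor exceeds permitted bit length")
)

// maxDivisorBits returns the advisory's threshold for this architecture:
// 3168 bits on 32-bit builds, 6336 bits on 64-bit builds.
func maxDivisorBits() int {
	if bits.UintSize == 32 {
		return 3168
	}
	return 6336
}

// CheckedMod (hypothetical helper) computes x mod m for an untrusted m.
// It refuses a zero or oversized modulus instead of letting math/big panic.
func CheckedMod(x, m *big.Int) (res *big.Int, err error) {
	if m.Sign() == 0 {
		return nil, ErrZeroDivisor
	}
	if m.BitLen() > maxDivisorBits() {
		return nil, ErrDivisorTooLarge
	}
	// Last resort: turn any remaining panic into an error for the caller.
	defer func() {
		if r := recover(); r != nil {
			res, err = nil, fmt.Errorf("math/big panic: %v", r)
		}
	}()
	return new(big.Int).Mod(x, m), nil
}

func main() {
	x := big.NewInt(1000)
	huge := new(big.Int).Lsh(big.NewInt(1), 7000) // constructed 7001-bit modulus
	fmt.Println(CheckedMod(x, big.NewInt(7)))
	fmt.Println(CheckedMod(x, huge))
}
```

The same bit-length check applies before any of the other listed methods; it does not replace upgrading to a fixed Go release.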