golang: math/big: panic during recursive division of very large numbers

🗓️ 15 Dec 2020 17:12:24Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Go math/big panic in recursive division of large numbers; affects crypto packages and denial of service.

Reporter	Title	Published	Views	Family All 162
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	25 Aug 202202:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2020-28362)	26 Feb 202116:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	29 Apr 202502:40	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management.	19 Feb 202104:52	–	ibm
IBM Security Bulletins	Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.12	5 Jan 202119:40	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.	17 Feb 202116:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	27 Feb 202103:40	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.	25 Feb 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.	25 Oct 202213:11	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	8	x86_64	delve	0:1.4.1-1.module+el8.3.0+7840+63dfb1ed	delve-0:1.4.1-1.module+el8.3.0+7840+63dfb1ed.x86_64.rpm
Red Hat Enterprise Linux	8	x86_64	delve-debuginfo	0:1.4.1-1.module+el8.3.0+7840+63dfb1ed	delve-debuginfo-0:1.4.1-1.module+el8.3.0+7840+63dfb1ed.x86_64.rpm
Red Hat Enterprise Linux	8	x86_64	delve-debugsource	0:1.4.1-1.module+el8.3.0+7840+63dfb1ed	delve-debugsource-0:1.4.1-1.module+el8.3.0+7840+63dfb1ed.x86_64.rpm
Red Hat Enterprise Linux	8	aarch64	go-toolset	0:1.14.12-1.module+el8.3.0+8784+380394dc	go-toolset-0:1.14.12-1.module+el8.3.0+8784+380394dc.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	go-toolset	0:1.14.12-1.module+el8.3.0+8784+380394dc	go-toolset-0:1.14.12-1.module+el8.3.0+8784+380394dc.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	go-toolset	0:1.14.12-1.module+el8.3.0+8784+380394dc	go-toolset-0:1.14.12-1.module+el8.3.0+8784+380394dc.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	go-toolset	0:1.14.12-1.module+el8.3.0+8784+380394dc	go-toolset-0:1.14.12-1.module+el8.3.0+8784+380394dc.x86_64.rpm
Red Hat Enterprise Linux	8	aarch64	golang	0:1.14.12-1.module+el8.3.0+8784+380394dc	golang-0:1.14.12-1.module+el8.3.0+8784+380394dc.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	golang	0:1.14.12-1.module+el8.3.0+8784+380394dc	golang-0:1.14.12-1.module+el8.3.0+8784+380394dc.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	golang	0:1.14.12-1.module+el8.3.0+8784+380394dc	golang-0:1.14.12-1.module+el8.3.0+8784+380394dc.s390x.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2020-28362
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-28362
cve	www.cve.org/CVERecord

30 Apr 2026 16:09Current

7.1High risk

Vulners AI Score7.1

CVSS 25

CVSS 3.17.5

EPSS0.00711

go language math big panic recursive division large numbers cryptography certificate chain denial of service