golang: math/big: panic during recursive division of very large numbers

🗓️ 18 Jan 2021 16:04:44Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Go math/big panics in recursive division of large numbers, enabling denial of service.

Reporter	Title	Published	Views	Family All 162
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	25 Aug 202202:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2020-28362)	26 Feb 202116:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	29 Apr 202502:40	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management.	19 Feb 202104:52	–	ibm
IBM Security Bulletins	Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.12	5 Jan 202119:40	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.	17 Feb 202116:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	27 Feb 202103:40	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.	25 Feb 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.	25 Oct 202213:11	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	8	ppc64le	cri-o	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	cri-o	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	cri-o	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.x86_64.rpm
Red Hat Enterprise Linux	8	ppc64le	cri-o-debuginfo	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-debuginfo-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	cri-o-debuginfo	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-debuginfo-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	cri-o-debuginfo	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-debuginfo-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.x86_64.rpm
Red Hat Enterprise Linux	8	ppc64le	cri-o-debugsource	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-debugsource-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	cri-o-debugsource	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-debugsource-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	cri-o-debugsource	0:1.19.1-2.rhaos4.6.git2af9ecf.el8	cri-o-debugsource-0:1.19.1-2.rhaos4.6.git2af9ecf.el8.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	openshift-clients	0:4.6.0-202012172338.p0.git.3800.30af700.el7	openshift-clients-0:4.6.0-202012172338.p0.git.3800.30af700.el7.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2020-28362
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-28362
cve	www.cve.org/CVERecord

30 Apr 2026 16:09Current

7.1High risk

Vulners AI Score7.1

CVSS 25

CVSS 3.17.5

EPSS0.00711

Go math big panic recursive division large numbers denial of service crafted certificates