golang: math/big: panic during recursive division of very large numbers

🗓️ 02 Mar 2021 19:11:26Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 5 Views

Go math/big panic vulnerability causes denial of service from crafted certificate chains.

Reporter	Title	Published	Views	Family All 162
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	25 Aug 202202:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2020-28362)	26 Feb 202116:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	29 Apr 202502:40	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management.	19 Feb 202104:52	–	ibm
IBM Security Bulletins	Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.12	5 Jan 202119:40	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.	17 Feb 202116:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	27 Feb 202103:40	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.	25 Feb 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.	25 Oct 202213:11	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	8	aarch64	buildah	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-0:1.11.6-8.module+el8.3.0+10188+4c10031c.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	buildah	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-0:1.11.6-8.module+el8.3.0+10188+4c10031c.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	buildah	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-0:1.11.6-8.module+el8.3.0+10188+4c10031c.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	buildah	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-0:1.11.6-8.module+el8.3.0+10188+4c10031c.x86_64.rpm
Red Hat Enterprise Linux	8	aarch64	buildah-debuginfo	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-debuginfo-0:1.11.6-8.module+el8.3.0+10188+4c10031c.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	buildah-debuginfo	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-debuginfo-0:1.11.6-8.module+el8.3.0+10188+4c10031c.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	buildah-debuginfo	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-debuginfo-0:1.11.6-8.module+el8.3.0+10188+4c10031c.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	buildah-debuginfo	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-debuginfo-0:1.11.6-8.module+el8.3.0+10188+4c10031c.x86_64.rpm
Red Hat Enterprise Linux	8	aarch64	buildah-debugsource	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-debugsource-0:1.11.6-8.module+el8.3.0+10188+4c10031c.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	buildah-debugsource	0:1.11.6-8.module+el8.3.0+10188+4c10031c	buildah-debugsource-0:1.11.6-8.module+el8.3.0+10188+4c10031c.ppc64le.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2020-28362
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-28362
cve	www.cve.org/CVERecord

30 Apr 2026 16:09Current

7.1High risk

Vulners AI Score7.1

CVSS 25

CVSS 3.17.5

EPSS0.00711

go math big panic vulnerability denial of service certificate chain cryptographic packages