CVE-2022-23772
author Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
committer Sylvain Beucler <beuc@debian.org>
Tue, 26 Apr 2022 17:32:45 +0000 (18:32 +0100)
commit 54b63bd40a049b6f0801da2c8d7e096ad049898f
tree a1f88e5846bf1f7a981da7fbf55962b0c029ff57
parent d1d0ab334496b12c5217e303ead4a8a1b3bfc0c5
CVE-2022-23772

Origin: https://github.com/golang/go/commit/07ee9e6445057e181fb3895df978748ffef30327
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2022-04-26

Retrieved SetString from 1.16 as the code changed too much.

From 07ee9e6445057e181fb3895df978748ffef30327 Mon Sep 17 00:00:00 2001
From: Katie Hockman <katie@golang.org>
Date: Wed, 19 Jan 2022 16:54:41 -0500
Subject: [PATCH] [release-branch.go1.16] math/big: prevent overflow in
 (*Rat).SetString

Credit to rsc@ for the original patch.

Thanks to the OSS-Fuzz project for discovering this
issue and to Emmanuel Odeke (@odeke_et) for reporting it.

Updates #50699
Fixes #50700
Fixes CVE-2022-23772

Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78)
Reviewed-on: https://go-review.googlesource.com/c/go/+/381337

Gbp-Pq: Name CVE-2022-23772.patch
src/math/big/nat.go
src/math/big/ratconv.go
src/math/big/ratconv_test.go