CVE-2021-33198
Aliases:GO-2021-0242BIT-golang-2021-33198
Advisory lineage Upstream: 0 Downstream: 27
Modified
Published: 02 Aug 2021, 18:55
Last modified:03 Aug 2024, 23:42
Vulnerability Summary
Overall Risk (default)
medium
40/100 CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
02 Aug 2021, 18:55
Published
Vulnerability first disclosed
03 Aug 2024, 23:42
Last Modified
Vulnerability information updated
Description
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.03%• Percentile: 9%
Affected Systems
- golang•go
< 1.15.13 | ≥ 1.16.0, < 1.16.5
- Go•stdlib
≥ 1.16.0-0, < 1.16.5