Sign In

CVE-2020-16845

ADVISORY - github

Summary

Withdrawn Advisory

This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time.

Original Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

EPSS Score: 0.00084 (0.253)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - github

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

GoLang

CREATED

UPDATED

ADVISORY IDGO-2021-0142
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY
PackageTypeOS NameOS VersionAffected RangesFix Versions
stdlibgolang--<1.13.151.13.15
stdlibgolang-->=1.14.0-0,<1.14.71.14.7

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

UPDATED

ADVISORY IDCVE-2020-16845
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

7.5high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-q6gq-997w-f55g
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

7.5high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2020-16845
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2020-16845
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2020-16845
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

GoLang

CREATED

UPDATED

ADVISORY IDGO-2021-0225
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2020-16845

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-835CWE-937

CVSS SCORE

7.5high

Amazon

CREATED

UPDATED

ADVISORY IDALAS-2020-1436
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2020-1494
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-2020-16845

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-golang-2020-16845

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2020-16845
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-835

CVSS SCORE

7.5medium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2020-3665
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2020-5823
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2020-5825
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2020-5827
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2020-5828
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh