vulnerability
FreeBSD: VID-BC7AFF8C-D806-11EA-A5AA-0800272260E5 (CVE-2020-16845): go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Aug 6, 2020 | Aug 7, 2020 | Oct 20, 2020 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Aug 6, 2020
Added
Aug 7, 2020
Modified
Oct 20, 2020
Description
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
Solution
freebsd-upgrade-package-go
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.