vulnerability

Red Hat OpenShift: CVE-2020-16845: golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	2020-08-06	2020-12-29	2025-04-11

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

2020-08-06

Added

2020-12-29

Modified

2025-04-11

Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

Solution(s)

linuxrpm-upgrade-apblinuxrpm-upgrade-atomic-enterprise-service-cataloglinuxrpm-upgrade-atomic-openshift-service-idlerlinuxrpm-upgrade-buildahlinuxrpm-upgrade-containernetworking-pluginslinuxrpm-upgrade-cri-olinuxrpm-upgrade-cri-toolslinuxrpm-upgrade-faqlinuxrpm-upgrade-golang-github-prometheus-promulinuxrpm-upgrade-ignitionlinuxrpm-upgrade-jenkins-2-pluginslinuxrpm-upgrade-kubefed-clientlinuxrpm-upgrade-machine-config-daemonlinuxrpm-upgrade-openshiftlinuxrpm-upgrade-openshift-clientslinuxrpm-upgrade-openshift-eventrouterlinuxrpm-upgrade-podmanlinuxrpm-upgrade-redhat-release-coreoslinuxrpm-upgrade-runclinuxrpm-upgrade-skopeo

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today

Red Hat OpenShift: CVE-2020-16845: golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs

Description

Solution(s)

References

Explore Exposure Command