vulnerability

Red Hat: CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Aug 6, 2020	Sep 9, 2020	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Aug 6, 2020

Added

Sep 9, 2020

Modified

Mar 27, 2026

Description

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

Solutions

redhat-upgrade-delveredhat-upgrade-delve-debuginforedhat-upgrade-delve-debugsourceredhat-upgrade-go-toolsetredhat-upgrade-golangredhat-upgrade-golang-binredhat-upgrade-golang-docsredhat-upgrade-golang-miscredhat-upgrade-golang-raceredhat-upgrade-golang-srcredhat-upgrade-golang-tests

References

CWE-835
EUVD-EUVD-2021-2567
NVD-CVE-2020-16845
REDHAT-RHSA-2020:3665
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-2567

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today