{"id":"CVE-2022-32189","summary":"Panic when decoding Float and Rat types in math/big","details":"A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.","aliases":["BIT-golang-2022-32189","GO-2022-0537"],"modified":"2026-05-15T04:04:52.585511613Z","published":"2022-08-09T20:17:59Z","related":["ALSA-2022:7129","ALSA-2022:7548","ALSA-2022:7950","ALSA-2023:2193","ALSA-2023:2236","ALSA-2023:2357","ALSA-2023:2758","ALSA-2023:2802","SUSE-SU-2022:2671-1","SUSE-SU-2022:2672-1","SUSE-SU-2023:2312-1","openSUSE-SU-2024:12229-1","openSUSE-SU-2024:12230-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/32xxx/CVE-2022-32189.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"1.17.13"},{"introduced":"1.18.0-0"},{"fixed":"1.18.5"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"1.17.13"}]}],"cna_assigner":"Go"},"references":[{"type":"WEB","url":"https://go.dev/cl/417774"},{"type":"WEB","url":"https://go.dev/issue/53871"},{"type":"WEB","url":"https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/YqYYG87xB10"},{"type":"WEB","url":"https://pkg.go.dev"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2022-0537"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/32xxx/CVE-2022-32189.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32189"}],"schema_version":"1.7.5"}