CVE-2020-16845
Description
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.193
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| golang-1.11 security update(DSA-4848-1) golang-1.11_1.11.6-1+deb10u4_all.deb | Linux |
| Kubernetes-cni update (ELSA-2020-5827) kubernetes-cni-0.7.1-1.0.3.el7.x86_64.rpm | Linux |
| Kubernetes-cni-plugins update (ELSA-2020-5827) kubernetes-cni-plugins-0.8.6-1.0.3.el7.x86_64.rpm | Linux |
| Kubeadm update (ELSA-2020-5825) kubeadm-1.12.10-1.0.15.el7.x86_64.rpm | Linux |
| Kubeadm-ha-setup update (ELSA-2020-5825) kubeadm-ha-setup-0.0.2-1.0.73.el7.x86_64.rpm | Linux |
| Kubectl update (ELSA-2020-5825) kubectl-1.12.10-1.0.15.el7.x86_64.rpm | Linux |
| Kubelet update (ELSA-2020-5825) kubelet-1.12.10-1.0.15.el7.x86_64.rpm | Linux |
| Kubernetes-cni update (ELSA-2020-5825) kubernetes-cni-0.7.1-1.0.3.el7.x86_64.rpm | Linux |
| Kubernetes-cni-plugins update (ELSA-2020-5825) kubernetes-cni-plugins-0.8.6-1.0.3.el7.x86_64.rpm | Linux |
| Kubernetes-cni update (ELSA-2020-5828) kubernetes-cni-0.7.1-1.0.3.el7.x86_64.rpm | Linux |
| Kubernetes-cni-plugins update (ELSA-2020-5828) kubernetes-cni-plugins-0.8.6-1.0.3.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234