FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
db4b2f27-252a-11eb-865c-00155d646400go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo

The Go project reports:

A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on 64-bit architectures). Multiple math/big.Rat methods are similarly affected.

The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by a malicious gcc flags specified via a #cgo directive.

The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by malicious unquoted symbol names.


Discovery 2020-11-09
Entry 2020-11-12
go
lt 1.15.5,1

CVE-2020-28367
CVE-2020-28362
https://github.com/golang/go/issues/42552
https://github.com/golang/go/issues/42556
CVE-2020-28366
https://github.com/golang/go/issues/42559