CVE-2021-33198
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
2 Public Exploits
1 Exploited in Wild
Descriptions
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause a panic or an unrecoverable fatal error if math/big.Rat is passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
New Features: The release of RHACS 3.64 provides the following new features:
1. You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others.
2. The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource.
3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance.
Timeline
- 2021-05-19 CVE Reserved
- 2021-08-02 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption