CVE-2022-23772 security vulnerability in Go 1.16.x and 1.17.x
otramony opened this issue · 1 comments
otramony commented
Is gosu affected by this security vulnerability?
https://nvd.nist.gov/vuln/detail/CVE-2022-23772
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
tianon commented
The only "math" stdlib imported even in our transitive dependencies is math/bits (let alone used) -- gosu itself definitely is not using math/big.
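The check described in this thread can be scripted. The following is an added example, not code from gosu or from the commenters: it combines the version range quoted from the CVE text with an exact-match search for `math/big` in package-list output of the kind `go list -deps` prints. The function names and the sample dependency list are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// vulnerableToolchain reports whether a version such as "go1.17.6" is in the
// range quoted in the issue: before 1.16.14, or 1.17.x before 1.17.7.
func vulnerableToolchain(version string) (bool, error) {
	parts := strings.Split(strings.TrimPrefix(version, "go"), ".")
	if len(parts) < 2 || len(parts) > 3 || parts[0] != "1" {
		return false, fmt.Errorf("unsupported version %q", version)
	}
	nums := []int{0, 0} // minor, patch (patch defaults to 0 for "go1.16")
	for i, p := range parts[1:] {
		n, err := strconv.Atoi(p)
		if err != nil {
			return false, fmt.Errorf("unsupported version %q", version)
		}
		nums[i] = n
	}
	minor, patch := nums[0], nums[1]
	return minor < 16 || (minor == 16 && patch < 14) || (minor == 17 && patch < 7), nil
}

// importsPackage matches whole lines (one package path per line), so
// "math/bits" is never mistaken for "math/big".
func importsPackage(goListDeps, pkg string) bool {
	for _, line := range strings.Split(goListDeps, "\n") {
		if strings.TrimSpace(line) == pkg {
			return true
		}
	}
	return false
}

// exposed is true only when the toolchain is in range AND math/big is linked.
// Importing math/big is necessary, not sufficient: Rat.SetString must be reachable.
func exposed(version, goListDeps string) (bool, error) {
	old, err := vulnerableToolchain(version)
	return err == nil && old && importsPackage(goListDeps, "math/big"), err
}

// Constructed sample resembling `go list -deps` output; not gosu's real list.
const sampleDeps = "errors\nmath\nmath/bits\nos\nstrconv\nsyscall\n"

func main() {
	fmt.Println(exposed("go1.17.6", sampleDeps)) // false <nil>
}
```
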