Описание
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.19 | fixed | 1.19~rc2-1 | package | |
| golang-1.18 | fixed | 1.18.4-1 | package | |
| golang-1.17 | fixed | 1.17.13-1 | package | |
| golang-1.15 | removed | package | ||
| golang-1.15 | no-dsa | bullseye | package | |
| golang-1.11 | removed | package | ||
| golang-1.11 | postponed | buster | package |
Примечания
https://go.dev/issue/53616
https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879 (go1.19rc2)
https://github.com/golang/go/commit/0d1615b23f9a558aa0a1957b4c81596220eb8ec4 (go1.18.4)
https://github.com/golang/go/commit/ba8788ebcead55e99e631c6a1157ad7b35535d11 (go1.17.12)
EPSS
Связанные уязвимости
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
EPSS