exploitDog

CVE-2022-2879

Published: 14 Oct 2022
Source: debian
EPSS: Low

Description

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

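Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.19 | fixed | 1.19.2-1 | | package |
| golang-1.18 | fixed | 1.18.7-1 | | package |
| golang-1.17 | unfixed | | | package |
| golang-1.15 | removed | | | package |
| golang-1.15 | no-dsa | | bullseye | package |
| golang-1.11 | removed | | | package |
| golang-1.11 | postponed | | buster | package |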

Notes

  • https://go.dev/issue/54853

  • https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)

  • https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)

EPSS

Percentile: 2%
Score: 0.00015
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

CVSS3: 6.5
redhat
more than 2 years ago

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

CVSS3: 7.5
nvd
more than 2 years ago

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

CVSS3: 7.5
msrc
10 months ago

No description available

CVSS3: 7.5
github
more than 2 years ago

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
