CVE-2022-30634

Опубликовано: 15 июл. 2022

Источник: debian

EPSS Низкий

Описание

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

Пакеты

Пакет	Статус	Тип
golang-1.18	not-affected	package
golang-1.17	not-affected	package
golang-1.15	not-affected	package
golang-1.11	not-affected	package
golang-1.8	not-affected	package
golang-1.7	not-affected	package

Примечания

https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg
https://go.dev/issue/52561
https://github.com/golang/go/commit/32dedaa69e22f1a058ae90b9484fd4c3b46fbcbf (go1.18.3)
https://github.com/golang/go/commit/2be03d789de905a4b050ff5f3a51b724e1b09494 (go1.17.11)

EPSS

Процентиль: 3%

0.0002

Низкий

Связанные уязвимости

CVE-2022-30634

CVSS3: 7.5

ubuntu

почти 3 года назад

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

CVE-2022-30634

CVSS3: 7.5

nvd

почти 3 года назад

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

GHSA-vfh9-chgv-wfph

CVSS3: 7.5

github

почти 3 года назад

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

SUSE-SU-2022:2005-1

suse-cvrf

около 3 лет назад

Security update for go1.18

SUSE-SU-2022:2004-1

suse-cvrf

около 3 лет назад

Security update for go1.17

EPSS

Процентиль: 3%

0.0002

Низкий