Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-30635

Опубликовано: 10 авг. 2022
Источник: debian
EPSS Низкий

Описание

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.19fixed1.19~rc2-1package
golang-1.18fixed1.18.4-1package
golang-1.17fixed1.17.13-1package
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://go.dev/issue/53615

  • https://github.com/golang/go/commit/6fa37e98ea4382bf881428ee0c150ce591500eb7 (go1.19rc2)

  • https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (go1.18.4)

  • https://github.com/golang/go/commit/cd54600b866db0ad068ab8df06c7f5f6cb55c9b3 (go1.17.12)

EPSS

Процентиль: 34%
0.00135
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-30635

CVSS3: 7.5
ubuntu
почти 3 года назад

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

redhat логотип

CVE-2022-30635

CVSS3: 7.5
redhat
почти 3 года назад

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

nvd логотип

CVE-2022-30635

CVSS3: 7.5
nvd
почти 3 года назад

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

msrc логотип

CVE-2022-30635

CVSS3: 7.5
msrc
почти 3 года назад

Описание отсутствует

github логотип

GHSA-5fhx-39r8-3jwh

CVSS3: 7.5
github
почти 3 года назад

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

EPSS

Процентиль: 34%
0.00135
Низкий