Описание
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.23 | fixed | 1.23.1-1 | package | |
| golang-1.22 | fixed | 1.22.7-1 | package | |
| golang-1.21 | unfixed | package | ||
| golang-1.19 | removed | package | ||
| golang-1.19 | no-dsa | bookworm | package | |
| golang-1.15 | removed | package | ||
| golang-1.15 | postponed | bullseye | package |
Примечания
https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
https://go.dev/issue/69139
https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)
https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)
EPSS
Связанные уязвимости
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
EPSS