Описание
encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode stack overflow via a large amount of PEM data.
encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode stack overflow via a large amount of PEM data.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-24675
- https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce/c/oecdBNLOml8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR
- https://security.gentoo.org/glsa/202208-02
- https://security.netapp.com/advisory/ntap-20220915-0010
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 3 лет назад
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
CVSS3: 7.5
redhat
больше 3 лет назад
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
CVSS3: 7.5
nvd
больше 3 лет назад
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
CVSS3: 7.5
debian
больше 3 лет назад
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode ...