Описание
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel8 | Not affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | ||
| Cost Management Metrics Operator | costmanagement/costmanagement-metrics-rhel8-operator | Not affected | ||
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Fix deferred | ||
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-rhel8-operator | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Logical Volume Manager Storage | lvms4/topolvm-rhel9 | Not affected | ||
| Machine Deletion Remediation Operator | workload-availability/machine-deletion-remediation-rhel8-operator | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-registry-rhel8 | Affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-api-rhel9 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Uncontrolled recursion in the Parse functions in go/parser before Go 1 ...
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
EPSS
5.5 Medium
CVSS3