Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-24675

Опубликовано: 12 апр. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.

Отчет

Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. Red Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Migration Toolkit for ContainerscpmaWill not fix
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-controller-rhel9Affected
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-must-gather-api-rhel8Affected
mirror registry for Red Hat OpenShiftmirror-registry-containerWill not fix
OpenShift Developer Tools and ServiceshelmAffected
OpenShift Developer Tools and ServicesodoAffected
OpenShift Pipelinesopenshift-pipelines-clientAffected
OpenShift ServerlessCLIAffected
OpenShift Serverlessknative-eventingAffected
OpenShift Serverlessknative-servingAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2077688golang: encoding/pem: fix stack overflow in Decode

EPSS

Процентиль: 39%
0.00179
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-24675

CVSS3: 7.5
ubuntu
почти 4 года назад

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

nvd логотип

CVE-2022-24675

CVSS3: 7.5
nvd
почти 4 года назад

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

msrc логотип

CVE-2022-24675

CVSS3: 7.5
msrc
почти 4 года назад

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

debian логотип

CVE-2022-24675

CVSS3: 7.5
debian
почти 4 года назад

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode ...

github логотип

GHSA-q42m-q8hq-53rj

CVSS3: 7.5
github
почти 4 года назад

encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode stack overflow via a large amount of PEM data.

EPSS

Процентиль: 39%
0.00179
Низкий

7.5 High

CVSS3

Уязвимость CVE-2022-24675