CVE-2022-24675

Отчет

Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability. Red Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. Red Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.