
exploitDog

CVE-2022-30632

Published: 12 Jul 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This can allow an attacker to impact availability.

Report

Exploitation of this flaw results only in a denial of service through the application crashing, which is why it has been rated as moderate.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-controller-rhel9 | Affected | | |
| mirror registry for Red Hat OpenShift | mirror-registry-container | Affected | | |
| Node Maintenance Operator | workload-availability/node-maintenance-rhel8-operator | Affected | | |
| OpenShift Developer Tools and Services | helm | Will not fix | | |
| OpenShift Developer Tools and Services | odo | Affected | | |
| OpenShift Pipelines | openshift-pipelines-client | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-operator-container | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/gatekeeper-rhel8-operator | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/subctl-rhel9 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/volsync-rhel8 | Affected | | |

Additional information

Status: Moderate
Defect: CWE-1325
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2107386 (golang: path/filepath: stack exhaustion in Glob)

EPSS: 0.00096 (Low)
Percentile: 27%
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

CVSS3: 7.5
nvd
more than 3 years ago

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

CVSS3: 7.5
msrc
more than 3 years ago

Stack exhaustion on crafted paths in path/filepath

CVSS3: 7.5
debian
more than 3 years ago

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and ...

CVSS3: 7.5
github
more than 3 years ago

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.