Описание
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
Отчет
OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-controller-rhel9 | Affected | ||
| OpenShift Developer Tools and Services | odo | Affected | ||
| OpenShift Pipelines | openshift-pipelines-client | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/gatekeeper-rhel8-operator | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/subctl-rhel9 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/volsync-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/work-rhel8 | Affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Affected | ||
| Red Hat Ansible Automation Platform 2 | openshift-clients | Affected | ||
| Red Hat Ceph Storage 3 | golang | Out of support scope |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
Stack exhaustion when decoding certain messages in encoding/gob
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ...
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
7.5 High
CVSS3