CVE-2022-41727

Published: 28 Feb 2023
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

A flaw was found in golang. This flaw allows an attacker to craft a malformed TIFF image, which will consume a significant amount of memory when passed to DecodeConfig, leading to a denial of service.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | | |
| Cost Management Metrics Operator | costmanagement/costmanagement-metrics-rhel8-operator | Not affected | | |
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | mta/mta-hub-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-rhel8 | Not affected | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-controller-rhel9 | Not affected | | |
| mirror registry for Red Hat OpenShift | mirror-registry-container | Not affected | | |
| Node Maintenance Operator | workload-availability/node-maintenance-rhel8-operator | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2174311
golang.org/x/image: Uncontrolled Resource Consumption

EPSS

Percentile: 6%
0.00028
Low

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 2 years ago

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CVSS3: 5.5
nvd
more than 2 years ago

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CVSS3: 5.5
debian
more than 2 years ago

An attacker can craft a malformed TIFF image which will consume a sign ...

CVSS3: 5.5
github
more than 2 years ago

Uncontrolled Resource Consumption in golang.org/x/image

CVSS3: 5.5
fstec
more than 2 years ago

Vulnerability in the DecodeConfig component of the Golang programming language that allows an attacker to cause a denial of service
