Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Reporter | Title | Published | Views | Family
---|---|---|---|---
Prion | Design/Logic Flaw | 10 Aug 2022 20:15 | – | prion
Veracode | Denial Of Service (DoS) | 22 Jul 2022 15:36 | – | veracode
NVD | CVE-2022-1962 | 10 Aug 2022 20:15 | – | nvd
CBLMariner | CVE-2022-1962 affecting package golang 1.18.3-1 | 17 Sep 2022 05:56 | – | cbl_mariner
CBLMariner | CVE-2022-1962 affecting package golang for versions less than 1.18.5-1 | 16 Sep 2022 06:05 | – | cbl_mariner
OSV | BIT-golang-2022-1962 | 6 Mar 2024 11:02 | – | osv
OSV | CVE-2022-1962 | 10 Aug 2022 20:15 | – | osv
OSV | velero-1.9.2-1.1 on GA media | 15 Jun 2024 00:00 | – | osv
OSV | Stack exhaustion due to deeply nested types in go/parser | 20 Jul 2022 17:01 | – | osv
OSV | Red Hat Security Advisory: Red Hat Application Interconnect 1.0 Release (rpms) | 30 Sep 2024 14:23 | – | osv
```json
[
  {
    "vendor": "Go standard library",
    "product": "go/parser",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "go/parser",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.17.12",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.18.0-0",
        "lessThan": "1.18.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      { "name": "ParseFile" },
      { "name": "ParseExprFrom" },
      { "name": "parser.tryIdentOrType" },
      { "name": "parser.parsePrimaryExpr" },
      { "name": "parser.parseUnaryExpr" },
      { "name": "parser.parseBinaryExpr" },
      { "name": "parser.parseIfStmt" },
      { "name": "parser.parseStmt" },
      { "name": "resolver.openScope" },
      { "name": "resolver.closeScope" }
    ],
    "defaultStatus": "unaffected"
  }
]
```