Lucene search

K

CVE-2022-1962

🗓️ 10 Aug 2022 20:26:15Reported by GoType 
cve
 cve
🔗 web.nvd.nist.gov👁 226 Views🌐 5 Media mentions

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations

Show more
Related
Detection
Affected
Refs
Social
ReporterTitlePublishedViews
Family
Prion
Design/Logic Flaw
10 Aug 202220:15
prion
Veracode
Denial Of Service (DoS)
22 Jul 202215:36
veracode
NVD
CVE-2022-1962
10 Aug 202220:15
nvd
CBLMariner
CVE-2022-1962 affecting package golang 1.18.3-1
17 Sep 202205:56
cbl_mariner
CBLMariner
CVE-2022-1962 affecting package golang for versions less than 1.18.5-1
16 Sep 202206:05
cbl_mariner
OSV
BIT-golang-2022-1962
6 Mar 202411:02
osv
OSV
CVE-2022-1962
10 Aug 202220:15
osv
OSV
velero-1.9.2-1.1 on GA media
15 Jun 202400:00
osv
OSV
Stack exhaustion due to deeply nested types in go/parser
20 Jul 202217:01
osv
OSV
Red Hat Security Advisory: Red Hat Application Interconnect 1.0 Release (rpms)
30 Sep 202414:23
osv
Rows per page
Nvd
Node
golanggoRange<1.17.12
OR
golanggoRange1.18.01.18.4
[
  {
    "vendor": "Go standard library",
    "product": "go/parser",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "go/parser",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.17.12",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.18.0-0",
        "lessThan": "1.18.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "ParseFile"
      },
      {
        "name": "ParseExprFrom"
      },
      {
        "name": "parser.tryIdentOrType"
      },
      {
        "name": "parser.parsePrimaryExpr"
      },
      {
        "name": "parser.parseUnaryExpr"
      },
      {
        "name": "parser.parseBinaryExpr"
      },
      {
        "name": "parser.parseIfStmt"
      },
      {
        "name": "parser.parseStmt"
      },
      {
        "name": "resolver.openScope"
      },
      {
        "name": "resolver.closeScope"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Aug 2022 20:15Current
6.7Medium risk
Vulners AI Score6.7
CVSS35.5
EPSS0.001
226
.json
Report