CVE-2022-1962

🗓️ 09 Aug 2022 20:18:18Reported by GoType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 394 Views

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations

Reporter	Title	Published	Views	Family All 316
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Go may affect IBM CICS TX Standard	24 Feb 202310:43	–	ibm
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go	31 Aug 202216:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go	31 Mar 202314:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-1962	4 Nov 202217:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software	27 Sep 202417:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data	3 Sep 202420:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in the mongo-tools utility affect IBM WebSphere Automation	29 Mar 202317:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go	5 Jul 202321:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang Go affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift	18 Nov 202200:02	–	ibm

NVD

Node

golang goRange<1.17.12

golang goRange1.18.0–1.18.4

[
  {
    "vendor": "Go standard library",
    "product": "go/parser",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "go/parser",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.17.12",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.18.0-0",
        "lessThan": "1.18.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "ParseFile"
      },
      {
        "name": "ParseExprFrom"
      },
      {
        "name": "parser.tryIdentOrType"
      },
      {
        "name": "parser.parsePrimaryExpr"
      },
      {
        "name": "parser.parseUnaryExpr"
      },
      {
        "name": "parser.parseBinaryExpr"
      },
      {
        "name": "parser.parseIfStmt"
      },
      {
        "name": "parser.parseStmt"
      },
      {
        "name": "resolver.openScope"
      },
      {
        "name": "resolver.closeScope"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
groups	www.groups.google.com/g/golang-announce/c/nqrv9fbR0zE
pkg	www.pkg.go.dev/vuln/GO-2022-0515
go	www.go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879
go	www.go.dev/cl/417063
go	www.go.dev/issue/53616

06 Mar 2026 20:16Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.5

EPSS0.00005

SSVC

CWE-674