Lucene search

K
cvelistGoCVELIST:CVE-2022-30632
HistoryAug 09, 2022 - 8:15 p.m.

CVE-2022-30632 Stack exhaustion on crafted paths in path/filepath

2022-08-0920:15:37
Go
www.cve.org

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

CNA Affected

[
  {
    "vendor": "Go standard library",
    "product": "path/filepath",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "path/filepath",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.17.12",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.18.0-0",
        "lessThan": "1.18.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "Glob"
      }
    ],
    "defaultStatus": "unaffected"
  }
]