Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

Affected configurations

NVD

Node

golanggoRange<1.17.12

golanggoRange1.18.0–1.18.4

References

go.dev/cl/417063

go.dev/issue/53616

go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879

groups.google.com/g/golang-announce/c/nqrv9fbR0zE

pkg.go.dev/vuln/GO-2022-0515

cve 1

veracode 1

prion 1

ubuntucve 1

debiancve 1

osv 17

alpinelinux 1

cbl_mariner 2

ibm 17

cvelist 1

redhatcve 1

nessus 69

openvas 14

oraclelinux 9

redhat 25

mageia 1

almalinux 7

altlinux 2

rocky 5

freebsd 1

suse 2

photon 6

amazon 11

fedora 1

ubuntu 2

cve

CVE-2022-1962

2022-08-10 20:15:26

veracode

Denial Of Service (DoS)

2022-07-22 15:36:52

prion

Design/Logic Flaw

2022-08-10 20:15:00

ubuntucve

CVE-2022-1962

2022-08-10 00:00:00

debiancve

CVE-2022-1962

2022-08-10 20:15:26

osv

Stack exhaustion due to deeply nested types in go/parser

2022-07-20 17:01:45

CVE-2022-1962

2022-08-10 20:15:26

BIT-golang-2022-1962

2024-03-06 11:02:59

alpinelinux

CVE-2022-1962

2022-08-10 20:15:26

cbl_mariner

CVE-2022-1962 affecting package golang for versions less than 1.18.5-1

2022-09-16 06:05:39

CVE-2022-1962 affecting package golang 1.18.3-1

2022-09-17 05:56:44

ibm

Security Bulletin: Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962)

2023-07-03 15:54:52

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-1962

2022-11-04 17:28:17

Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go

2022-08-31 16:17:06

cvelist

CVE-2022-1962 Stack exhaustion due to deeply nested types in go/parser

2022-08-09 20:18:18

redhatcve

CVE-2022-1962

2022-07-15 10:32:31

nessus

RHEL 9 : golang (Unpatched Vulnerability)

2024-06-03 00:00:00

EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2439)

2022-10-08 00:00:00

Oracle Linux 9 : go-toolset / and / golang (ELSA-2022-5799)

2022-08-02 00:00:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2439)

2022-10-10 00:00:00

Mageia: Security Advisory (MGASA-2022-0262)

2022-07-18 00:00:00

openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:2671-1)

2022-08-05 00:00:00

oraclelinux

go-toolset:ol8 security and bug fix update

2022-08-03 00:00:00

go-toolset and golang security and bug fix update

2022-08-02 00:00:00

container-tools:3.0 security update

2022-11-15 00:00:00

redhat

(RHSA-2022:6113) Important: Red Hat Application Interconnect 1.0 Release (rpms)

2022-08-18 14:51:43

(RHSA-2022:5775) Important: go-toolset:rhel8 security and bug fix update

2022-08-01 08:57:38

(RHSA-2022:7529) Moderate: container-tools:3.0 security update

2022-11-08 06:22:08

mageia

Updated golang packages fix security vulnerability

2022-07-16 22:58:20

almalinux

Important: go-toolset:rhel8 security and bug fix update

2022-08-01 00:00:00

Moderate: container-tools:3.0 security update

2022-11-08 00:00:00

Important: go-toolset and golang security and bug fix update

2022-08-01 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.18.4-alt1

2022-07-28 00:00:00

Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10

2022-07-29 00:00:00

rocky

container-tools:3.0 security update

2022-11-08 06:22:08

go-toolset:rhel8 security and bug fix update

2022-08-01 08:57:38

go-toolset and golang security and bug fix update

2022-08-01 15:29:25

freebsd

go -- multiple vulnerabilities

2022-07-12 00:00:00

suse

Security update for go1.18 (important)

2022-08-04 00:00:00

Security update for go1.17 (important)

2022-08-04 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0242

2022-09-07 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0242

2022-09-07 00:00:00

Critical Photon OS Security Update - PHSA-2022-0512

2022-09-06 00:00:00

amazon

Important: golist

2022-09-15 04:46:00

Important: golang-github-godbus-dbus

2022-10-17 21:46:00

Important: go-rpm-macros

2022-10-17 21:46:00

fedora

[SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35

2022-08-17 01:36:21

ubuntu

Go vulnerabilities

2024-01-09 00:00:00

Go vulnerabilities

2023-04-25 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for NVD:CVE-2022-1962

cve1 veracode1 prion1 ubuntucve1 debiancve1 osv17 alpinelinux1 cbl_mariner2 ibm17 cvelist1 redhatcve1 nessus69 openvas14 oraclelinux9 redhat25 mageia1 almalinux7 altlinux2 rocky5 freebsd1 suse2 photon6 amazon11 fedora1 ubuntu2