Lucene search
GoogleOSV:CVE-2022-30631HistoryAug 10, 2022 - 8:15 p.m.
CVE-2022-30631
2022-08-1020:15:41
Google
osv.dev
12
uncontrolled recursion
reader.read
compress/gzip
go 1.17.12
go 1.18.4
stack exhaustion
0-length compressed files
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
55.8%
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
Related
redhat
redhat
osv
osv
Stack exhaustion when reading certain archives in compress/gzip
2022-07-20 20:52:11
BIT-golang-2022-30631
2024-03-06 11:00:01
Moderate: runc security update
2024-04-30 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-30631
2022-11-04 16:44:27
debiancve
debiancve
CVE-2022-30631
2022-08-10 20:15:41
nvd
nvd
CVE-2022-30631
2022-08-10 20:15:41
cve
cve
CVE-2022-30631
2022-08-10 20:15:41
cvelist
cvelist
nessus
nessus
RHEL 8 : Red Hat OpenStack Platform 16.2 (collectd-libpod-stats) (RHSA-2022:6062)
2022-08-15 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.1 (collectd-libpod-stats) (RHSA-2022:6065)
2022-08-15 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2022:6061)
2022-08-15 00:00:00
redhatcve
redhatcve
CVE-2022-30631
2022-07-15 10:32:16
cbl_mariner
cbl_mariner
CVE-2022-30631 affecting package golang for versions less than 1.18.5-1
2022-09-16 06:05:39
CVE-2022-30631 affecting package golang 1.18.3-1
2022-09-17 05:56:44
alpinelinux
alpinelinux
CVE-2022-30631
2022-08-10 20:15:41
prion
prion
Design/Logic Flaw
2022-08-10 20:15:00
veracode
veracode
Denial Of Service (DoS)
2022-07-25 12:47:18
ubuntucve
ubuntucve
CVE-2022-30631
2022-08-10 00:00:00
almalinux
almalinux
Moderate: toolbox security and bug fix update
2022-11-15 00:00:00
Moderate: runc security update
2024-04-30 00:00:00
Moderate: grafana-pcp security update
2022-11-08 00:00:00
rocky
rocky
toolbox security and bug fix update
2022-11-15 06:15:31
grafana-pcp security update
2022-11-15 06:19:30
grafana-pcp security update
2022-11-08 06:25:29
oraclelinux
oraclelinux
runc security update
2024-05-02 00:00:00
grafana-pcp security update
2022-11-15 00:00:00
grafana-pcp security update
2022-11-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2710)
2022-11-04 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2317)
2022-09-14 00:00:00
openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:2671-1)
2022-08-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.4-alt1
2022-07-28 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10
2022-07-29 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-07-12 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-07-16 22:58:20
suse
suse
Security update for go1.17 (important)
2022-08-04 00:00:00
Security update for go1.18 (important)
2022-08-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0242
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0242
2022-09-07 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
55.8%
Related for OSV:CVE-2022-30631