5241 matches found
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...
CVE-2022-1962 Stack exhaustion due to deeply nested types in go/parser
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...
CVE-2022-1962
CVE-2022-1962 involves go/parser: Uncontrolled recursion in the Parse functions can cause a panic due to stack exhaustion when processing deeply nested types or declarations. Affected: Go's parser (go/parser) prior to Go 1.17.12 and Go 1.18.4. Impact: potential denial of availability via panics. ...
CVE-2022-30630
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...
CVE-2022-30630
CVE-2022-30630 affects Go's standard library io/fs: Glob panics due to stack exhaustion when evaluating paths with many path separators. Root cause is uncontrolled recursion in Glob. Public advisories indicate remediation via updates to Go 1.17.12 or Go 1.18.4 (and related vendor advisories for a...
CVE-2022-30630
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...
CVE-2022-30630 Stack exhaustion in Glob on certain paths in io/fs
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...
CVE-2022-30631 Stack exhaustion when reading certain archives in compress/gzip
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30631
CVE-2022-30631 affects Go’s standard library compress/gzip, specifically Reader.Read. The issue is an uncontrolled recursion that can cause stack exhaustion and a panic when processing an archive containing a large number of concatenated 0-length compressed files. Affected versions: Go before 1.1...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30633
The CVE-2022-30633 incident affects Go's encoding/xml package: Unmarshal can panic due to stack exhaustion when unmarshalling XML into a struct with nested fields using the any tag, in Go versions prior to 1.17.12 and 1.18.4. The published advisories (including ALAS2023-2023-046, ALAS2023-2023-04...
CVE-2022-30633
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
CVE-2022-30635
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...
CVE-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...
CVE-2022-30635
CVE-2022-30635: Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 can cause a panic due to stack exhaustion when processing deeply nested structures. The description notes this as a vulnerability in Go’s gob decoding. Affected component: encoding/gob; root c...
CVE-2022-30632
CVE-2022-30632 affects the Go standard library (path/filepath) where calling Glob on a path that contains a large number of path separators can cause a panic from stack exhaustion, impacting availability. Affected component: Go’s path/filepath Glob implementation (pre-Go 1.17.12 and pre-Go 1.18.4...
CVE-2022-30632 Stack exhaustion on crafted paths in path/filepath
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...
CVE-2022-30632
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...
CVE-2022-30632
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...