2 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. CVE-2022-24921 Note that Nessus relies on t...
golang: regexp/syntax: limit memory used by parsing regexps
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...