
91 matches found

IBM Security Bulletins
added 2023/01/12 9:59 p.m. · 49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24921).

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go, caused by improper input validation, which may be exploited to cause a goroutine stack exhaustion (CVE-2022-24921). Golang Go is included in some of the operators used in IBM...

7.5 CVSS · 7.4 AI score · 0.03228 EPSS
Exploits 0 · Affected Software 1
Microsoft CVE
added 2022/12/13 8:0 a.m. · 4 views

containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

...

6.5 CVSS · 6.8 AI score · 0.01022 EPSS
Exploits 0
Vulnrichment
added 2022/12/07 10:51 p.m. · 4 views

CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

5.7 CVSS · 6.7 AI score · 0.01022 EPSS
Exploits 0 · References 3
Cvelist
added 2022/12/07 10:51 p.m. · 23 views

CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

5.7 CVSS · 7.4 AI score · 0.01022 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/06/03 12:0 a.m. · 7 views

PT-2022-20472 · Minio +1 · Minio +1

Name of the Vulnerable Software and Affected Versions: MinIO versions RELEASE.2019-09-25T18-25-51Z through RELEASE.2022-06-02T02-11-04Z
Description: The issue is related to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections...

9 CVSS · 6.4 AI score · 0.83957 EPSS
Exploits 25 · References 47
OSV
added 2022/04/08 10:8 p.m. · 23 views

GHSA-G3VV-G2J5-45F2 ipld/go-codec-dagpb panics when processing certain blocks

Impact: Decoding certain blocks using the go-ipld-prime version of the dag-pb codec go-codec-dagpb can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then it’s a buffer overread.
Patches: The issue is...

7.5 CVSS · 7.5 AI score · 0.00723 EPSS
Exploits 0 · References 5
OSV
added 2022/03/31 7:55 p.m. · 5 views

MGASA-2022-0126 Updated golang packages fix security vulnerability

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. CVE-2022-24921...

7.5 CVSS · 7.5 AI score · 0.03228 EPSS
Exploits 0 · References 5
FreeBSD
added 2022/02/09 12:0 a.m. · 28 views

go -- multiple vulnerabilities

The Go project reports:
regexp: stack exhaustion compiling deeply nested expressions
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2...

7.5 CVSS · 1.8 AI score · 0.03228 EPSS
Exploits 0 · References 1
OSV
added 2021/07/28 6:8 p.m. · 58 views

GO-2021-0100 Denial of service via deadlock in github.com/containers/storage

Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream on a xz archive returns a reader which will hang indefinitely when Close is called. An attacker can use this to cause denial of service if they are able to cause the caller to attempt to decompress an...

7.1 CVSS · 6.5 AI score · 0.01587 EPSS
Exploits 1 · References 3
Veracode
added 2021/05/25 8:57 a.m. · 12 views

Denial Of Service (DoS)

github.com/cloudflare/tableflip is vulnerable to denial of service. The vulnerability exists due to a hung goroutine in the parent process after a failed upgrade...

2 AI score
Exploits 0
Tenable Nessus
added 2016/05/13 12:0 a.m. · 26 views

RHEL 7 : docker (RHSA-2016:1034)

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.8 CVSS · 7.2 AI score · 0.00388 EPSS
Exploits 0 · References 3