csaf_certbund - wid-sec-w-2022-0879

wid-sec-w-2022-0879

Vulnerability from csaf_certbund

Published

2022-08-01 22:00

Modified

2024-04-29 22:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0879 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0879.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0879 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0879"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5775 vom 2022-08-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:5775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5799 vom 2022-08-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:5799"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5866 vom 2022-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2022:5866"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-5799 vom 2022-08-02",
        "url": "http://linux.oracle.com/errata/ELSA-2022-5799.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-5775 vom 2022-08-04",
        "url": "http://linux.oracle.com/errata/ELSA-2022-5775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2671-1 vom 2022-08-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011802.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5924 vom 2022-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:5924"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5923 vom 2022-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:5923"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5875 vom 2022-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:5875"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
        "url": "https://security.gentoo.org/glsa/202208-02"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6042 vom 2022-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:6042"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6040 vom 2022-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:6040"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6066 vom 2022-08-15",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2022081537"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6065 vom 2022-08-15",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2022081538"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6113 vom 2022-08-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:6113"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6051 vom 2022-08-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:6051"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6053 vom 2022-08-23",
        "url": "https://access.redhat.com/errata/RHSA-2022:6053"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6184 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6184"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6188 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6187 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6187"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6290 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6290"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6283 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6283"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6152 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6152"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6346 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6346"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6345 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6345"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6183 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6183"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6347 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6347"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6348 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6348"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6370 vom 2022-09-07",
        "url": "https://access.redhat.com/errata/RHSA-2022:6370"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6182 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6182"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6344 vom 2022-09-07",
        "url": "https://access.redhat.com/errata/RHSA-2022:6344"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6262 vom 2022-09-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:6262"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6430 vom 2022-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:6430"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6517 vom 2022-09-14",
        "url": "https://access.redhat.com/errata/RHSA-2022:6517"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6308 vom 2022-09-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:6308"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6560 vom 2022-09-26",
        "url": "https://access.redhat.com/errata/RHSA-2022:6560"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6714 vom 2022-09-26",
        "url": "https://access.redhat.com/errata/RHSA-2022:6714"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-133 vom 2022-09-29",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-133.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14",
        "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1859 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1859.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7129 vom 2022-10-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:7129"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-7129 vom 2022-10-26",
        "url": "https://linux.oracle.com/errata/ELSA-2022-7129.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7519 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7519"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7648 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7648"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7529 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7529"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8057 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8057"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8098 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8098"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8250 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8250"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-24267 vom 2022-11-23",
        "url": "https://linux.oracle.com/errata/ELSA-2022-24267.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8634 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8634"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8626 vom 2022-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2022:8626"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:9047 vom 2022-12-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:9047"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7398 vom 2023-01-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:7398"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0407 vom 2023-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:0407"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1275 vom 2023-03-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:1275"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2758 vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2758"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2802 vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2802"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:3642"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:1027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:0778"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1433 vom 2024-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:1433"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2180 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2180"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-04-30T09:40:02.491+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2022-0879",
      "initial_release_date": "2022-08-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-08-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-08-02T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2022-08-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
        },
        {
          "date": "2022-08-08T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat und Fedora aufgenommen"
        },
        {
          "date": "2022-08-09T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-22T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-25T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-31T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-01T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-06T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-08T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-12T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-14T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-26T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-29T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-13T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-19T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-23T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-25T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2022-11-08T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-15T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-23T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-11-27T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-28T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-12-14T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-17T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-03-15T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-15T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-11T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-28T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "37"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T014111",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Red Hat Enterprise Linux 9",
                  "product_id": "T023632",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "category": "product_name",
            "name": "Red Hat OpenShift",
            "product": {
              "name": "Red Hat OpenShift",
              "product_id": "T008027",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:openshift:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1705",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1962",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-28131",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-30630",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30635",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-32148",
      "notes": [
        {
          "category": "description",
          "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in der Komponente \"Golang\" zur\u00fcckzuf\u00fchren. Bei den meisten Fehlern handelt es sich um Stack Exhaustion-Fehler. Weiterhin tritt ein Problem beim Weiterleiten sowie bei der Eingabebereinigung eines Headers auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2022-08-01T22:00:00Z",
      "title": "CVE-2022-32148"
    }
  ]
}

cve-2022-30633

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 06:56

Severity

Summary

Stack exhaustion when unmarshaling certain documents in encoding/xml

References

URL	Tags
https://go.dev/cl/417061
https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
https://go.dev/issue/53611
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0523

Impacted products

Vendor	Product
Go standard library	encoding/xml

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0523"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/xml",
          "product": "encoding/xml",
          "programRoutines": [
            {
              "name": "Decoder.DecodeElement"
            },
            {
              "name": "Decoder.unmarshal"
            },
            {
              "name": "Decoder.unmarshalPath"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \u0027any\u0027 field tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:39.511Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417061"
        },
        {
          "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08"
        },
        {
          "url": "https://go.dev/issue/53611"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0523"
        }
      ],
      "title": "Stack exhaustion when unmarshaling certain documents in encoding/xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30633",
    "datePublished": "2022-08-09T20:16:19",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30632

Vulnerability from cvelistv5

Published

2022-08-09 20:15

Modified

2024-08-03 06:56

Severity

Summary

Stack exhaustion on crafted paths in path/filepath

References

URL	Tags
https://go.dev/cl/417066
https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef
https://go.dev/issue/53416
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0522

Impacted products

Vendor	Product
Go standard library	path/filepath

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417066"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53416"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "path/filepath",
          "product": "path/filepath",
          "programRoutines": [
            {
              "name": "Glob"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:36.688Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417066"
        },
        {
          "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
        },
        {
          "url": "https://go.dev/issue/53416"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0522"
        }
      ],
      "title": "Stack exhaustion on crafted paths in path/filepath"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30632",
    "datePublished": "2022-08-09T20:15:37",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28131

Vulnerability from cvelistv5

Published

2022-08-09 00:00

Modified

2024-08-03 05:48

Severity

Summary

Stack exhaustion from deeply nested XML documents in encoding/xml

References

URL	Tags
https://go.dev/cl/417062
https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3
https://go.dev/issue/53614
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0521

Impacted products

Vendor	Product
Go standard library	encoding/xml

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:36.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53614"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/xml",
          "product": "encoding/xml",
          "programRoutines": [
            {
              "name": "Decoder.Skip"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Go Security Team"
        },
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:35.004Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417062"
        },
        {
          "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3"
        },
        {
          "url": "https://go.dev/issue/53614"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0521"
        }
      ],
      "title": "Stack exhaustion from deeply nested XML documents in encoding/xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-28131",
    "datePublished": "2022-08-09T00:00:00",
    "dateReserved": "2022-03-29T00:00:00",
    "dateUpdated": "2024-08-03T05:48:36.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30635

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 06:56

Severity

Summary

Stack exhaustion when decoding certain messages in encoding/gob

References

URL	Tags
https://go.dev/cl/417064
https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7
https://go.dev/issue/53615
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0526

Impacted products

Vendor	Product
Go standard library	encoding/gob

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0526"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/gob",
          "product": "encoding/gob",
          "programRoutines": [
            {
              "name": "Decoder.decIgnoreOpFor"
            },
            {
              "name": "Decoder.compileIgnoreSingle"
            },
            {
              "name": "Decoder.compileDec"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:46.476Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417064"
        },
        {
          "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7"
        },
        {
          "url": "https://go.dev/issue/53615"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0526"
        }
      ],
      "title": "Stack exhaustion when decoding certain messages in encoding/gob"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30635",
    "datePublished": "2022-08-09T20:16:05",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30631

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 06:56

Severity

Summary

Stack exhaustion when reading certain archives in compress/gzip

References

URL	Tags
https://go.dev/cl/417067
https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e
https://go.dev/issue/53168
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0524

Impacted products

Vendor	Product
Go standard library	compress/gzip

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417067"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "compress/gzip",
          "product": "compress/gzip",
          "programRoutines": [
            {
              "name": "Reader.Read"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:40.977Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417067"
        },
        {
          "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e"
        },
        {
          "url": "https://go.dev/issue/53168"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0524"
        }
      ],
      "title": "Stack exhaustion when reading certain archives in compress/gzip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30631",
    "datePublished": "2022-08-09T20:16:32",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-30630

Vulnerability from cvelistv5

Published

2022-08-09 20:17

Modified

2024-08-03 06:56

Severity

Summary

Stack exhaustion in Glob on certain paths in io/fs

References

URL	Tags
https://go.dev/cl/417065
https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
https://go.dev/issue/53415
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0527

Impacted products

Vendor	Product
Go standard library	io/fs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:12.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417065"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "io/fs",
          "product": "io/fs",
          "programRoutines": [
            {
              "name": "Glob"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:48.349Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417065"
        },
        {
          "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
        },
        {
          "url": "https://go.dev/issue/53415"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0527"
        }
      ],
      "title": "Stack exhaustion in Glob on certain paths in io/fs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30630",
    "datePublished": "2022-08-09T20:17:15",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:12.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1962

Vulnerability from cvelistv5

Published

2022-08-09 20:18

Modified

2024-08-03 00:24

Severity

Summary

Stack exhaustion due to deeply nested types in go/parser

References

URL	Tags
https://go.dev/cl/417063
https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879
https://go.dev/issue/53616
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0515

Impacted products

Vendor	Product
Go standard library	go/parser

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:43.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0515"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/parser",
          "product": "go/parser",
          "programRoutines": [
            {
              "name": "ParseFile"
            },
            {
              "name": "ParseExprFrom"
            },
            {
              "name": "parser.tryIdentOrType"
            },
            {
              "name": "parser.parsePrimaryExpr"
            },
            {
              "name": "parser.parseUnaryExpr"
            },
            {
              "name": "parser.parseBinaryExpr"
            },
            {
              "name": "parser.parseIfStmt"
            },
            {
              "name": "parser.parseStmt"
            },
            {
              "name": "resolver.openScope"
            },
            {
              "name": "resolver.closeScope"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:29.406Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417063"
        },
        {
          "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879"
        },
        {
          "url": "https://go.dev/issue/53616"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0515"
        }
      ],
      "title": "Stack exhaustion due to deeply nested types in go/parser"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-1962",
    "datePublished": "2022-08-09T20:18:18",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-08-03T00:24:43.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-32148

Vulnerability from cvelistv5

Published

2022-08-09 20:18

Modified

2024-08-03 07:32

Severity

Summary

Exposure of client IP addresses in net/http

References

URL	Tags
https://go.dev/cl/412857
https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a
https://go.dev/issue/53423
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0520

Impacted products

Vendor	Product
Go standard library	net/http

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/412857"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53423"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Header.Clone"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Christian Mehlmauer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-200: Information Exposure",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:32.608Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/412857"
        },
        {
          "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a"
        },
        {
          "url": "https://go.dev/issue/53423"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0520"
        }
      ],
      "title": "Exposure of client IP addresses in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-32148",
    "datePublished": "2022-08-09T20:18:21",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-08-03T07:32:55.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1705

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 00:10

Severity

Summary

Improper sanitization of Transfer-Encoding headers in net/http

References

URL	Tags
https://go.dev/cl/409874
https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
https://go.dev/issue/53188
https://go.dev/cl/410714
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0525

Impacted products

Vendor	Product
Go standard library	net/http

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/409874"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53188"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/410714"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0525"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "transferReader.parseTransferEncoding"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Zeyu Zhang (https://www.zeyu2001.com/)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:43.089Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/409874"
        },
        {
          "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f"
        },
        {
          "url": "https://go.dev/issue/53188"
        },
        {
          "url": "https://go.dev/cl/410714"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0525"
        }
      ],
      "title": "Improper sanitization of Transfer-Encoding headers in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-1705",
    "datePublished": "2022-08-09T20:16:57",
    "dateReserved": "2022-05-13T00:00:00",
    "dateUpdated": "2024-08-03T00:10:03.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags