Vulnerability-Lookup

WID-SEC-W-2022-0879

Vulnerability from csaf_certbund - Published: 2022-08-01 22:00 - Updated: 2026-02-16 23:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme: - Linux

CVE-2022-1705

CVE-2022-1962

CVE-2022-28131

CVE-2022-30630

CVE-2022-30631

CVE-2022-30632

CVE-2022-30633

CVE-2022-30635

CVE-2022-32148

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://access.redhat.com/errata/RHSA-2022:5775	external
	https://access.redhat.com/errata/RHSA-2022:5799	external
	https://access.redhat.com/errata/RHSA-2022:5866	external
	http://linux.oracle.com/errata/ELSA-2022-5799.html	external
	http://linux.oracle.com/errata/ELSA-2022-5775.html	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://access.redhat.com/errata/RHSA-2022:5924	external
	https://access.redhat.com/errata/RHSA-2022:5923	external
	https://access.redhat.com/errata/RHSA-2022:5875	external
	https://security.gentoo.org/glsa/202208-02	external
	https://access.redhat.com/errata/RHSA-2022:6042	external
	https://access.redhat.com/errata/RHSA-2022:6040	external
	https://www.cybersecurity-help.cz/vdb/SB2022081537	external
	https://www.cybersecurity-help.cz/vdb/SB2022081538	external
	https://access.redhat.com/errata/RHSA-2022:6113	external
	https://access.redhat.com/errata/RHSA-2022:6051	external
	https://access.redhat.com/errata/RHSA-2022:6053	external
	https://access.redhat.com/errata/RHSA-2022:6184	external
	https://access.redhat.com/errata/RHSA-2022:6188	external
	https://access.redhat.com/errata/RHSA-2022:6187	external
	https://access.redhat.com/errata/RHSA-2022:6290	external
	https://access.redhat.com/errata/RHSA-2022:6283	external
	https://access.redhat.com/errata/RHSA-2022:6152	external
	https://access.redhat.com/errata/RHSA-2022:6346	external
	https://access.redhat.com/errata/RHSA-2022:6345	external
	https://access.redhat.com/errata/RHSA-2022:6183	external
	https://access.redhat.com/errata/RHSA-2022:6347	external
	https://access.redhat.com/errata/RHSA-2022:6348	external
	https://access.redhat.com/errata/RHSA-2022:6370	external
	https://access.redhat.com/errata/RHSA-2022:6182	external
	https://access.redhat.com/errata/RHSA-2022:6344	external
	https://access.redhat.com/errata/RHSA-2022:6262	external
	https://access.redhat.com/errata/RHSA-2022:6430	external
	https://access.redhat.com/errata/RHSA-2022:6517	external
	https://access.redhat.com/errata/RHSA-2022:6308	external
	https://access.redhat.com/errata/RHSA-2022:6560	external
	https://access.redhat.com/errata/RHSA-2022:6714	external
	https://alas.aws.amazon.com/AL2022/ALAS-2022-133.html	external
	https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-0…	external
	https://access.redhat.com/errata/RHSA-2022:7058	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1859.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html	external
	https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html	external
	https://access.redhat.com/errata/RHSA-2022:7129	external
	https://linux.oracle.com/errata/ELSA-2022-7129.html	external
	https://access.redhat.com/errata/RHSA-2022:7519	external
	https://access.redhat.com/errata/RHSA-2022:7648	external
	https://access.redhat.com/errata/RHSA-2022:7529	external
	https://access.redhat.com/errata/RHSA-2022:8057	external
	https://access.redhat.com/errata/RHSA-2022:8098	external
	https://access.redhat.com/errata/RHSA-2022:8250	external
	https://linux.oracle.com/errata/ELSA-2022-24267.html	external
	https://access.redhat.com/errata/RHSA-2022:8634	external
	https://access.redhat.com/errata/RHSA-2022:8626	external
	https://access.redhat.com/errata/RHSA-2022:9047	external
	https://access.redhat.com/errata/RHSA-2022:7398	external
	https://access.redhat.com/errata/RHSA-2023:0407	external
	https://access.redhat.com/errata/RHSA-2023:1275	external
	https://access.redhat.com/errata/RHSA-2023:2758	external
	https://access.redhat.com/errata/RHSA-2023:2802	external
	https://access.redhat.com/errata/RHSA-2023:3642	external
	https://access.redhat.com/errata/RHSA-2024:0778	external
	https://access.redhat.com/errata/RHSA-2024:1027	external
	https://access.redhat.com/errata/RHSA-2024:1433	external
	https://access.redhat.com/errata/RHSA-2024:2180	external
	https://alas.aws.amazon.com/AL2/ALASECS-2025-057.html	external
	https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVE…	external
	https://access.redhat.com/errata/RHSA-2025:22287	external
	https://errata.build.resf.org/RLSA-2023:2758	external
	https://errata.build.resf.org/RLSA-2023:2802	external
	https://access.redhat.com/errata/RHSA-2025:23546	external
	https://access.redhat.com/errata/RHSA-2026:2164	external
	https://access.redhat.com/errata/RHSA-2026:2762	external
	https://access.redhat.com/errata/RHSA-2026:2754	external
	https://access.redhat.com/errata/RHSA-2026:2681	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0879 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0879.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0879 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0879"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5775 vom 2022-08-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:5775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5799 vom 2022-08-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:5799"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5866 vom 2022-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2022:5866"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-5799 vom 2022-08-02",
        "url": "http://linux.oracle.com/errata/ELSA-2022-5799.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-5775 vom 2022-08-04",
        "url": "http://linux.oracle.com/errata/ELSA-2022-5775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2671-1 vom 2022-08-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011802.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5924 vom 2022-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:5924"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5923 vom 2022-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:5923"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5875 vom 2022-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:5875"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
        "url": "https://security.gentoo.org/glsa/202208-02"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6042 vom 2022-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:6042"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6040 vom 2022-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:6040"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6066 vom 2022-08-15",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2022081537"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6065 vom 2022-08-15",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2022081538"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6113 vom 2022-08-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:6113"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6051 vom 2022-08-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:6051"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6053 vom 2022-08-23",
        "url": "https://access.redhat.com/errata/RHSA-2022:6053"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6184 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6184"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6188 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6187 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6187"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6290 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6290"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6283 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6283"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6152 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6152"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6346 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6346"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6345 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6345"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6183 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6183"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6347 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6347"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6348 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6348"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6370 vom 2022-09-07",
        "url": "https://access.redhat.com/errata/RHSA-2022:6370"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6182 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6182"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6344 vom 2022-09-07",
        "url": "https://access.redhat.com/errata/RHSA-2022:6344"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6262 vom 2022-09-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:6262"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6430 vom 2022-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:6430"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6517 vom 2022-09-14",
        "url": "https://access.redhat.com/errata/RHSA-2022:6517"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6308 vom 2022-09-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:6308"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6560 vom 2022-09-26",
        "url": "https://access.redhat.com/errata/RHSA-2022:6560"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6714 vom 2022-09-26",
        "url": "https://access.redhat.com/errata/RHSA-2022:6714"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-133 vom 2022-09-29",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-133.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14",
        "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1859 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1859.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7129 vom 2022-10-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:7129"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-7129 vom 2022-10-26",
        "url": "https://linux.oracle.com/errata/ELSA-2022-7129.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7519 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7519"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7648 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7648"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7529 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7529"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8057 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8057"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8098 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8098"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8250 vom 2022-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:8250"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-24267 vom 2022-11-23",
        "url": "https://linux.oracle.com/errata/ELSA-2022-24267.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8634 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8634"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8626 vom 2022-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2022:8626"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:9047 vom 2022-12-15",
        "url": "https://access.redhat.com/errata/RHSA-2022:9047"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7398 vom 2023-01-18",
        "url": "https://access.redhat.com/errata/RHSA-2022:7398"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0407 vom 2023-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:0407"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1275 vom 2023-03-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:1275"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2758 vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2758"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:2802 vom 2023-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:2802"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:3642"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:0778"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:1027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1433 vom 2024-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:1433"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2180 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2180"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASECS-2025-057 vom 2025-04-29",
        "url": "https://alas.aws.amazon.com/AL2/ALASECS-2025-057.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2025-055 vom 2025-04-29",
        "url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2025-055.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22287 vom 2025-11-27",
        "url": "https://access.redhat.com/errata/RHSA-2025:22287"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2023:2758 vom 2025-11-28",
        "url": "https://errata.build.resf.org/RLSA-2023:2758"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2023:2802 vom 2025-11-28",
        "url": "https://errata.build.resf.org/RLSA-2023:2802"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23546 vom 2025-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:23546"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2164 vom 2026-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:2164"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2762 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2762"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2754 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2754"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2681 vom 2026-02-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:2681"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-16T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-17T09:25:28.975+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2022-0879",
      "initial_release_date": "2022-08-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-08-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-08-02T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2022-08-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
        },
        {
          "date": "2022-08-08T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat und Fedora aufgenommen"
        },
        {
          "date": "2022-08-09T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-22T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-25T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-31T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-01T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-06T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-08T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-12T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-14T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-26T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-29T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-13T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-19T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-23T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-10-25T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2022-11-08T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-15T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-23T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-11-27T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-28T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-12-14T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-17T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-03-15T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-15T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-11T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-28T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-04-29T22:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-11-27T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-17T23:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-05T23:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-16T23:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "42"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T014111",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Red Hat Enterprise Linux 9",
                  "product_id": "T023632",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Quay \u003c3.16.0",
                "product": {
                  "name": "Red Hat Enterprise Linux Quay \u003c3.16.0",
                  "product_id": "T049495"
                }
              },
              {
                "category": "product_version",
                "name": "Quay 3.16.0",
                "product": {
                  "name": "Red Hat Enterprise Linux Quay 3.16.0",
                  "product_id": "T049495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:quay__3.16.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "category": "product_name",
            "name": "Red Hat OpenShift",
            "product": {
              "name": "Red Hat OpenShift",
              "product_id": "T008027",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:openshift:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T008027",
          "T002207",
          "T023632",
          "T049495",
          "67646",
          "398363",
          "T012167",
          "T004914",
          "T014111",
          "T032255"
        ]
      },
      "release_date": "2022-08-01T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    }
  ]
}

CVE-2022-1962 (GCVE-0-2022-1962)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:18 – Updated: 2026-03-06 19:08

Title

Stack exhaustion due to deeply nested types in go/parser

Summary

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417063
	https://go.googlesource.com/go/+/695be961d57508da…
	https://go.dev/issue/53616
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0515

Impacted products

	Vendor	Product	Version
	Go standard library	go/parser	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Credits

Juho Nurminen of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:43.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0515"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-1962",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-24T19:32:02.875913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T19:08:08.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/parser",
          "product": "go/parser",
          "programRoutines": [
            {
              "name": "ParseFile"
            },
            {
              "name": "ParseExprFrom"
            },
            {
              "name": "parser.tryIdentOrType"
            },
            {
              "name": "parser.parsePrimaryExpr"
            },
            {
              "name": "parser.parseUnaryExpr"
            },
            {
              "name": "parser.parseBinaryExpr"
            },
            {
              "name": "parser.parseIfStmt"
            },
            {
              "name": "parser.parseStmt"
            },
            {
              "name": "resolver.openScope"
            },
            {
              "name": "resolver.closeScope"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:29.406Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417063"
        },
        {
          "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879"
        },
        {
          "url": "https://go.dev/issue/53616"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0515"
        }
      ],
      "title": "Stack exhaustion due to deeply nested types in go/parser"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-1962",
    "datePublished": "2022-08-09T20:18:18.000Z",
    "dateReserved": "2022-05-31T00:00:00.000Z",
    "dateUpdated": "2026-03-06T19:08:08.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-30633 (GCVE-0-2022-30633)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:16 – Updated: 2026-03-09 16:53

Title

Stack exhaustion when unmarshaling certain documents in encoding/xml

Summary

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417061
	https://go.googlesource.com/go/+/c4c1993fd2a5b26f…
	https://go.dev/issue/53611
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0523

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/xml	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0523"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-30633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T16:53:05.801155Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-674",
                "description": "CWE-674 Uncontrolled Recursion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T16:53:13.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/xml",
          "product": "encoding/xml",
          "programRoutines": [
            {
              "name": "Decoder.DecodeElement"
            },
            {
              "name": "Decoder.unmarshal"
            },
            {
              "name": "Decoder.unmarshalPath"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \u0027any\u0027 field tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:39.511Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417061"
        },
        {
          "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08"
        },
        {
          "url": "https://go.dev/issue/53611"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0523"
        }
      ],
      "title": "Stack exhaustion when unmarshaling certain documents in encoding/xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30633",
    "datePublished": "2022-08-09T20:16:19.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2026-03-09T16:53:13.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-32148 (GCVE-0-2022-32148)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:18 – Updated: 2026-03-06 19:06

Title

Exposure of client IP addresses in net/http

Summary

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-200 - Information Exposure

Assigner

References

URL

Tags

	https://go.dev/cl/412857
	https://go.googlesource.com/go/+/b2cc0fecc2ccd80e…
	https://go.dev/issue/53423
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0520

Impacted products

	Vendor	Product	Version
	Go standard library	net/http	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Credits

Christian Mehlmauer

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/412857"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53423"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-32148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-23T08:15:49.791308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T19:06:52.828Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Header.Clone"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Christian Mehlmauer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-200: Information Exposure",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:32.608Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/412857"
        },
        {
          "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a"
        },
        {
          "url": "https://go.dev/issue/53423"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0520"
        }
      ],
      "title": "Exposure of client IP addresses in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-32148",
    "datePublished": "2022-08-09T20:18:21.000Z",
    "dateReserved": "2022-05-31T00:00:00.000Z",
    "dateUpdated": "2026-03-06T19:06:52.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-30631 (GCVE-0-2022-30631)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:16 – Updated: 2025-10-20 17:51

Title

Stack exhaustion when reading certain archives in compress/gzip

Summary

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417067
	https://go.googlesource.com/go/+/b2b8872c876201ea…
	https://go.dev/issue/53168
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0524

Impacted products

	Vendor	Product	Version
	Go standard library	compress/gzip	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417067"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0524"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-30631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T17:51:07.776953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-20T17:51:28.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "compress/gzip",
          "product": "compress/gzip",
          "programRoutines": [
            {
              "name": "Reader.Read"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:40.977Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417067"
        },
        {
          "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e"
        },
        {
          "url": "https://go.dev/issue/53168"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0524"
        }
      ],
      "title": "Stack exhaustion when reading certain archives in compress/gzip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30631",
    "datePublished": "2022-08-09T20:16:32.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2025-10-20T17:51:28.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30630 (GCVE-0-2022-30630)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:17 – Updated: 2026-03-06 17:48

Title

Stack exhaustion in Glob on certain paths in io/fs

Summary

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417065
	https://go.googlesource.com/go/+/fa2d41d0ca736f3a…
	https://go.dev/issue/53415
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0527

Impacted products

	Vendor	Product	Version
	Go standard library	io/fs	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:12.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417065"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0527"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-30630",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-24T20:38:26.312251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T17:48:19.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "io/fs",
          "product": "io/fs",
          "programRoutines": [
            {
              "name": "Glob"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:48.349Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417065"
        },
        {
          "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
        },
        {
          "url": "https://go.dev/issue/53415"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0527"
        }
      ],
      "title": "Stack exhaustion in Glob on certain paths in io/fs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30630",
    "datePublished": "2022-08-09T20:17:15.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2026-03-06T17:48:19.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-30635 (GCVE-0-2022-30635)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:16 – Updated: 2026-03-06 17:44

Title

Stack exhaustion when decoding certain messages in encoding/gob

Summary

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417064
	https://go.googlesource.com/go/+/6fa37e98ea4382bf…
	https://go.dev/issue/53615
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0526

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/gob	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0526"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-30635",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T17:44:14.218881Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-674",
                "description": "CWE-674 Uncontrolled Recursion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T17:44:24.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/gob",
          "product": "encoding/gob",
          "programRoutines": [
            {
              "name": "Decoder.decIgnoreOpFor"
            },
            {
              "name": "Decoder.compileIgnoreSingle"
            },
            {
              "name": "Decoder.compileDec"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:46.476Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417064"
        },
        {
          "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7"
        },
        {
          "url": "https://go.dev/issue/53615"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0526"
        }
      ],
      "title": "Stack exhaustion when decoding certain messages in encoding/gob"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30635",
    "datePublished": "2022-08-09T20:16:05.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2026-03-06T17:44:24.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-30632 (GCVE-0-2022-30632)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:15 – Updated: 2024-08-03 06:56

Title

Stack exhaustion on crafted paths in path/filepath

Summary

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

Severity ?

No CVSS data available.

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417066
	https://go.googlesource.com/go/+/ac68c6c683409f98…
	https://go.dev/issue/53416
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0522

Impacted products

	Vendor	Product	Version
	Go standard library	path/filepath	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Credits

Juho Nurminen of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417066"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53416"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "path/filepath",
          "product": "path/filepath",
          "programRoutines": [
            {
              "name": "Glob"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:36.688Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417066"
        },
        {
          "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
        },
        {
          "url": "https://go.dev/issue/53416"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0522"
        }
      ],
      "title": "Stack exhaustion on crafted paths in path/filepath"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30632",
    "datePublished": "2022-08-09T20:15:37.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:56:13.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28131 (GCVE-0-2022-28131)

Vulnerability from cvelistv5 – Published: 2022-08-09 00:00 – Updated: 2024-08-03 05:48

Title

Stack exhaustion from deeply nested XML documents in encoding/xml

Summary

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

Severity ?

No CVSS data available.

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/417062
	https://go.googlesource.com/go/+/08c46ed43d80bbb6…
	https://go.dev/issue/53614
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0521

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/xml	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Credits

Go Security Team Juho Nurminen of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:36.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53614"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/xml",
          "product": "encoding/xml",
          "programRoutines": [
            {
              "name": "Decoder.Skip"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Go Security Team"
        },
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:35.004Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417062"
        },
        {
          "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3"
        },
        {
          "url": "https://go.dev/issue/53614"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0521"
        }
      ],
      "title": "Stack exhaustion from deeply nested XML documents in encoding/xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-28131",
    "datePublished": "2022-08-09T00:00:00.000Z",
    "dateReserved": "2022-03-29T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:48:36.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1705 (GCVE-0-2022-1705)

Vulnerability from cvelistv5 – Published: 2022-08-09 20:16 – Updated: 2026-03-06 17:46

Title

Improper sanitization of Transfer-Encoding headers in net/http

Summary

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Assigner

References

URL

Tags

	https://go.dev/cl/409874
	https://go.googlesource.com/go/+/e5017a93fcde94f0…
	https://go.dev/issue/53188
	https://go.dev/cl/410714
	https://groups.google.com/g/golang-announce/c/nqr…
	https://pkg.go.dev/vuln/GO-2022-0525

Impacted products

	Vendor	Product	Version
	Go standard library	net/http	Affected: 0 , < 1.17.12 (semver) Affected: 1.18.0-0 , < 1.18.4 (semver)

Credits

Zeyu Zhang (https://www.zeyu2001.com/)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/409874"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53188"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/410714"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0525"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-1705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-24T20:38:47.035806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T17:46:56.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "transferReader.parseTransferEncoding"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Zeyu Zhang (https://www.zeyu2001.com/)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:43.089Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/409874"
        },
        {
          "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f"
        },
        {
          "url": "https://go.dev/issue/53188"
        },
        {
          "url": "https://go.dev/cl/410714"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0525"
        }
      ],
      "title": "Improper sanitization of Transfer-Encoding headers in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-1705",
    "datePublished": "2022-08-09T20:16:57.000Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2026-03-06T17:46:56.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-0879

CVE-2022-1962 (GCVE-0-2022-1962)

CVE-2022-30633 (GCVE-0-2022-30633)

CVE-2022-32148 (GCVE-0-2022-32148)

CVE-2022-30631 (GCVE-0-2022-30631)

CVE-2022-30630 (GCVE-0-2022-30630)

CVE-2022-30635 (GCVE-0-2022-30635)

CVE-2022-30632 (GCVE-0-2022-30632)

CVE-2022-28131 (GCVE-0-2022-28131)

CVE-2022-1705 (GCVE-0-2022-1705)

Tags

Sightings

Nomenclature