First published: Wed Apr 20 2022
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cloud Pak for Security | <=1.10.0.0 - 1.10.11.0 | |
IBM QRadar Suite Software | <=1.10.12.0 - 1.10.16.0 | |
Golang Go | <1.17.9 | |
Golang Go | >=1.18.0 <1.18.1 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Netapp Kubernetes Monitoring Operator | | |
CVE-2022-24675 is a vulnerability in encoding/pem in Go before version 1.17.9 and 1.18.x before 1.18.1, which can lead to a stack overflow when decoding a large amount of PEM data.
CVE-2022-24675 has a severity rating of 7.5 (high).
The encoding/pem package in Go versions before 1.17.9 and 1.18.x before 1.18.1 is affected by CVE-2022-24675.
To fix CVE-2022-24675, update your Go installation to version 1.17.9 or 1.18.1.
You can find more information about CVE-2022-24675 at the following references: [Siemens ProductCERT SSA-744259](https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf), [golang-announce group](https://groups.google.com/g/golang-announce), [golang-announce thread](https://groups.google.com/g/golang-announce/c/oecdBNLOml8).
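
Go programs are statically linked, so a binary built with an affected toolchain keeps the affected encoding/pem code until it is rebuilt with a fixed release. The following is an added example, not code from this advisory or from the Go project: it reads the toolchain version embedded in compiled Go binaries with the standard library's `debug/buildinfo` package and compares it to the ranges listed above. The function name `affected` and the choice to count 1.18 beta and release-candidate builds as affected are assumptions.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// affected reports whether a Go toolchain version string such as "go1.17.8"
// falls in the ranges the advisory lists: before 1.17.9, or 1.18.x before 1.18.1.
// ok is false when v is not a parseable 1.x release (for example "devel ...").
func affected(v string) (vuln, ok bool) {
	v = strings.TrimPrefix(strings.TrimSpace(v), "go")
	pre := false // assumption: 1.18 betas and release candidates count as before 1.18.1
	for _, tag := range []string{"beta", "rc"} {
		if i := strings.Index(v, tag); i >= 0 {
			v, pre = v[:i], true
		}
	}
	parts := strings.Split(v, ".")
	if len(parts) == 2 {
		parts = append(parts, "0") // "go1.18" is how release 1.18.0 reports itself
	}
	if len(parts) != 3 || parts[0] != "1" {
		return false, false
	}
	minor, err1 := strconv.Atoi(parts[1])
	patch, err2 := strconv.Atoi(parts[2])
	if err1 != nil || err2 != nil {
		return false, false
	}
	return minor < 17 || (minor == 17 && patch < 9) || (minor == 18 && (pre || patch < 1)), true
}

// main checks each compiled Go binary named on the command line.
func main() {
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path) // toolchain version embedded by the linker
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
			continue
		}
		vuln, ok := affected(info.GoVersion)
		fmt.Printf("%s\t%s\taffected=%v\tparsed=%v\n", path, info.GoVersion, vuln, ok)
	}
}
```

Run it with the paths of deployed binaries as arguments; any binary reported as affected needs a rebuild with Go 1.17.9 or 1.18.1, not only a toolchain upgrade on the build host.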