First published: Tue Jul 12 2022(Updated: )
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
Credit: security@golang.org security@golang.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openshift-serverless-clients | <0:1.3.1-4.el8 | 0:1.3.1-4.el8 |
redhat/go-toolset | <1.17-golang-0:1.17.12-1.el7_9 | 1.17-golang-0:1.17.12-1.el7_9 |
redhat/git-lfs | <0:2.13.3-3.el8_6 | 0:2.13.3-3.el8_6 |
redhat/grafana | <0:7.5.15-3.el8 | 0:7.5.15-3.el8 |
redhat/grafana-pcp | <0:3.2.0-2.el8 | 0:3.2.0-2.el8 |
redhat/golang | <0:1.17.12-1.el9_0 | 0:1.17.12-1.el9_0 |
redhat/grafana | <0:7.5.15-3.el9 | 0:7.5.15-3.el9 |
redhat/grafana-pcp | <0:3.2.0-3.el9 | 0:3.2.0-3.el9 |
redhat/git-lfs | <0:3.2.0-1.el9 | 0:3.2.0-1.el9 |
redhat/etcd | <0:3.3.23-12.el8 | 0:3.3.23-12.el8 |
redhat/kubevirt | <0:4.12.0-1057.el7 | 0:4.12.0-1057.el7 |
redhat/kubevirt | <0:4.12.0-1057.el8 | 0:4.12.0-1057.el8 |
redhat/golang | <1.18.4 | 1.18.4 |
redhat/golang | <1.17.12 | 1.17.12 |
debian/golang-1.15 | <=1.15.15-1~deb11u4 | |
debian/golang-1.19 | 1.19.8-2 | |
Go | <1.17.12 | |
Go | >=1.18.0<1.18.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2022-30635 is a vulnerability in golang that allows an attacker to cause a panic due to stack exhaustion and impact system availability.
CVE-2022-30635 affects versions before Go 1.17.12 and Go 1.18.4, as well as other software packages mentioned in the affected software list.
CVE-2022-30635 has a severity level of high (7 out of 10).
To fix CVE-2022-30635, update to Go 1.17.12 or Go 1.18.4, or apply the appropriate fix for the affected software packages.
You can find more information about CVE-2022-30635 in the references provided: [CVE website](https://www.cve.org/CVERecord?id=CVE-2022-30635), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [Go issue tracker](https://go.dev/issue/53615), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2107388), [Red Hat Advisory](https://access.redhat.com/errata/RHSA-2022:6345).