Fluid Attacks Database

Description

Stack overflow from a large amount of PEM data in encoding/pem encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	stdlib	>=0 <1.17.9	1.17.9
rpm rhel8	go-toolset	<0:1.17.10-1.module+el8.6.0+15486+6d4da7db	0:1.17.10-1.module+el8.6.0+15486+6d4da7db
rpm rhel9	golang	<0:1.17.12-1.el9_0	0:1.17.12-1.el9_0
rpm rhel7	golang	-	-
rpm rhel9	go-toolset	<0:1.17.12-1.el9_0	0:1.17.12-1.el9_0

Aliases

1. CVE-2022-246752. NVD-2022-246753. OSV-GO-2022-04334. OSV-2022-246755. GCVE-2022-24675

References

1. https://go.dev/cl/3998202. https://go.googlesource.com/go/+/45c3387d777caf28f4b992ad9a6216e3085bb8fe3. https://go.dev/issue/518534. https://groups.google.com/g/golang-announce/c/oecdBNLOml85. https://github.com/jfrog/jfrog-CVE-2022-24675

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.