Tatianabo

**Name of the Vulnerable Software and Affected Versions** compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 **Description** The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be exploited by a remote attacker to cause a denial of service by providing an archive containing a large number of concatenated 0-length compressed files, leading to stack exhaustion and a panic. **Recommendations** For versions prior to 1.17.12, update to version 1.17.12 or later to resolve the issue. For versions prior to 1.18.4, update to version 1.18.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Reader.Read function on archives containing concatenated 0-length compressed files to minimize the risk of exploitation.