PT-2022-16792 · Go+5

Juho Nurminen · Published 2022-04-12 · Updated 2025-02-14 · CVE-2022-24675

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.17.9
Go versions 1.18.x prior to 1.18.1

Description

The issue is a stack overflow in Decode in the encoding/pem package. It occurs when a large amount of PEM data is processed.

Recommendations

For Go versions prior to 1.17.9, update to version 1.17.9 or later.
For Go versions 1.18.x prior to 1.18.1, update to version 1.18.1 or later.

Fix

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1689
ALT-PU-2022-1707
ALT-PU-2022-2873
ALT-PU-2023-1205
AZL-9527
BIT-GOLANG-2022-24675
CESA-2022_5337
CVE-2022-24675
GO-2022-0433
MGASA-2022-0171
OESA-2022-1661
OESA-2025-1122
OESA-2025-1123
OPENSUSE-SU-2022_1410-1
OPENSUSE-SU-2022_1411-1
OPENSUSE-SU-2024:11991-1
OPENSUSE-SU-2024:12004-1
RHSA-2022:5068
RHSA-2022:5337
RHSA-2022:5415
RHSA-2022:5729
RHSA-2022:5799
RHSA-2022:6042
RHSA-2022:6094
RHSA-2022:6155
RHSA-2022:6277
RHSA-2022_5337
RHSA-2022_5799
RHSA-2023:3914
RLSA-2022:5337
RLSA-2022:5799
SUSE-SU-2022:1410-1
SUSE-SU-2022:1411-1
SUSE-SU-2022_1410-1
SUSE-SU-2022_1411-1
SUSE-SU-2023:2312-1

Affected Products

Alt Linux
CentOS
Go
Red Hat
Rocky Linux
SUSE