CVE-2022-24675Uncontrolled Recursion in GO

CWE-674Uncontrolled RecursionCWE-120Classic Buffer OverflowCWE-770Allocation of Resources Without Limits or Throttling8 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 60.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Golang GOFedoraproject FedoraPaloalto Pan-os
Timeline
PublishedApr 20
Latest updateNov 1

Description

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgolang/go1.18.01.18.1+1
Palo Altopaloalto/pan-os

Also affects: Fedora 34, 35, 36

🔴Vulnerability Details

4
OSV
Stack overflow from a large amount of PEM data in encoding/pem2022-05-20
GHSA
GHSA-q42m-q8hq-53rj: encoding/pem in Go before 12022-04-21
OSV
CVE-2022-24675: encoding/pem in Go before 12022-04-20
CVEList
CVE-2022-24675: encoding/pem in Go before 12022-04-20

📋Vendor Advisories

3
Palo Alto
PAN-SA-2024-0013 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-11-01
Red Hat
golang: encoding/pem: fix stack overflow in Decode2022-04-12
Microsoft
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.2022-04-12
CVE-2022-24675 — Uncontrolled Recursion in Golang GO | cvebase