CVE-2022-30634
Published 2022-07-15
CVE-2022-30634: Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1…
Priority P3 · 40 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.65% (73.5th percentile)
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | — | — |
| go_standard_library | crypto_rand | < 1.17.11 | 1.17.11 |
| go_standard_library | crypto_rand | >= 1.18.0-0 < 1.18.3 | 1.18.3 |
| golang | go | < 1.17.11 | 1.17.11 |
| golang | go | >= 1.18.0 < 1.18.3 | 1.18.3 |
| paloalto | pan-os | — | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
vendor_debian · 7.5 LOW
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Debian
CVE-2022-30634: golang-1.15 - Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows ...
vendor_debian·2022·CVSS 7.5
CVE-2022-30634 [HIGH] CVE-2022-30634: golang-1.15 - Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows ...
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Scope: local
bullseye: resolved
GHSA
GHSA-vfh9-chgv-wfph: Infinite loop in Read in crypto/rand before Go 1
ghsa_unreviewed·2022-07-16
CVE-2022-30634 [HIGH] CWE-835 GHSA-vfh9-chgv-wfph: Infinite loop in Read in crypto/rand before Go 1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
OSV
CVE-2022-30634: Infinite loop in Read in crypto/rand before Go 1
osv·2022-07-15·CVSS 7.5
CVE-2022-30634 [HIGH] CVE-2022-30634: Infinite loop in Read in crypto/rand before Go 1
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
OSV
Indefinite hang with large buffers on Windows in crypto/rand
osv·2022-06-09
CVE-2022-30634 Indefinite hang with large buffers on Windows in crypto/rand
On Windows, rand.Read will hang indefinitely if passed a buffer larger than 1 << 32 - 1 bytes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://go.dev/cl/402257
https://go.dev/issue/52561
https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863
https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
https://pkg.go.dev/vuln/GO-2022-0477
Published 2022-07-15