CVE-2022-1962

Name
CVE-2022-1962
Description
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://go.dev/cl/417063
MISC https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879
MISC https://pkg.go.dev/vuln/GO-2022-0515
MISC https://go.dev/issue/53616
MISC https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= None < 1.17.12
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= 1.18.0 < 1.18.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status