CVE-2022-30635

CVE-2022-30635

Name

CVE-2022-30635

Description

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://go.dev/cl/417064
MISC	https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7
MISC	https://pkg.go.dev/vuln/GO-2022-0526
MISC	https://go.dev/issue/53615
MISC	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/

Type

URI

MISC

https://go.dev/cl/417064

MISC

https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7

MISC

https://pkg.go.dev/vuln/GO-2022-0526

MISC

https://go.dev/issue/53615

MISC

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE