vulnerability
FreeBSD: VID-61bce714-ca0c-11ec-9cfc-10c37b4ac2ea (CVE-2022-24675): go -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 2, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
May 2, 2022
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
The Go project reports: encoding/pem: fix stack overflow in Decode. A large (more than 5 MB) PEM input can cause a stack overflow in Decode, leading the program to crash. crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause P256().ScalarMult or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected. crypto/x509: non-compliant certificates can cause a panic in Verify on macOS in Go 1.18. Verifying certificate chains containing certificates which are not compliant with RFC 5280 causes Certificate.Verify to panic on macOS. These chains can be delivered through TLS and can cause a crypto/tls or net/http client to crash.
Solutions
freebsd-upgrade-package-gofreebsd-upgrade-package-go117
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.