vulnerability

Oracle Linux: CVE-2022-24921: ELSA-2022-14844: go-toolset:ol8addon security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2022-03-03
Added
2022-05-10
Modified
2025-01-07

Description

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.

Solution(s)

oracle-linux-upgrade-delveoracle-linux-upgrade-golangoracle-linux-upgrade-golang-binoracle-linux-upgrade-golang-docsoracle-linux-upgrade-golang-miscoracle-linux-upgrade-golang-raceoracle-linux-upgrade-golang-srcoracle-linux-upgrade-golang-testsoracle-linux-upgrade-go-toolsetoracle-linux-upgrade-istiooracle-linux-upgrade-istio-istioctloracle-linux-upgrade-olcne-agentoracle-linux-upgrade-olcne-api-serveroracle-linux-upgrade-olcnectloracle-linux-upgrade-olcne-gluster-chartoracle-linux-upgrade-olcne-grafana-chartoracle-linux-upgrade-olcne-istio-chartoracle-linux-upgrade-olcne-nginxoracle-linux-upgrade-olcne-oci-csi-chartoracle-linux-upgrade-olcne-olm-chartoracle-linux-upgrade-olcne-prometheus-chartoracle-linux-upgrade-olcne-utils

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today