Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From ELSA-2022-17956:
go-toolset [1.18.3-1] - Update to golang 1.18.3 golang [1.18.3-1.0.1] - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify Patch51852 to remove portions already upstream - Use base_version to distinguish the version of the tarball from the final version - Reviewed-by: Jose E. Marchesi[1.18.1-2.0.1]- Rebase to 1.18.0 openssl-fips- Reviewed-by: Jose E. Marchesi [1.17.10-1.0.1]- Add patches between Go 1.17.7 and Go 1.17.10- Rename base_versn to base_version- Remove unneeded patches from previous version- Remove Patch2028662 because that patch is also upstream now- Reviewed-by: Jose E. Marchesi delve[1.8.3-1.0.1]- Bump version of delve from 1.7.2 to 1.8.3[1.7.2-1.0.1]- Bump version of delve from 1.6.0 to 1.7.2, enable aarch64[1.6.0-1.0.1]- Bump upstream version of delve from 1.5.0 to 1.6.0[1.5.0-2.0.1]- Cherry pick 05508ea98055bcb5418d2dc83893af4eb044d151: + Disable DWARF compression which has issues (Alex Burmashev) + By David Sloboda [1.5.0-2]- Add golang-1.15.4 related patch- Resolves: rhbz#1901189[1.5.0-1]- Rebase to 1.5.0- Related: rhbz#1870531[1.4.1-1]- Rebase to 1.4.1- Resolves: rhbz#1821281- Related: rhbz#1820596[1.4.0-2]- Change i686 to a better macro- Related: rhbz#1820596[1.4.0-1]- Rebase to 1.4.0- Remove Patch1781- Related: rhbz#1820596[1.3.2-3]- Resolves: rhbz#1758612- Resolves: rhbz#1780554- Add patch: 1781-pkg-terminal-Fix-exit-status.patch[1.3.2-2]- Added tests- Related: rhbz#1758612[1.3.2-1]- First package for RHEL- Related: rhbz#1758612
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center