Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Red Hat OpenShift: CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
08/10/2022
Created
01/19/2023
Added
01/18/2023
Modified
01/16/2024

Description

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

Solution(s)

  • linuxrpm-upgrade-buildah
  • linuxrpm-upgrade-butane
  • linuxrpm-upgrade-conmon
  • linuxrpm-upgrade-container-selinux
  • linuxrpm-upgrade-containernetworking-plugins
  • linuxrpm-upgrade-containers-common
  • linuxrpm-upgrade-cri-o
  • linuxrpm-upgrade-cri-tools
  • linuxrpm-upgrade-crun
  • linuxrpm-upgrade-fuse-overlayfs
  • linuxrpm-upgrade-haproxy
  • linuxrpm-upgrade-ignition
  • linuxrpm-upgrade-kernel-rt
  • linuxrpm-upgrade-openshift-clients
  • linuxrpm-upgrade-podman
  • linuxrpm-upgrade-runc
  • linuxrpm-upgrade-skopeo
  • linuxrpm-upgrade-slirp4netns
  • linuxrpm-upgrade-toolbox

References

  • https://attackerkb.com/topics/cve-2022-30631
  • CVE - 2022-30631
  • RHSA-2022:5775
  • RHSA-2022:5799
  • RHSA-2022:5866
  • RHSA-2022:5875
  • RHSA-2022:5879
  • RHSA-2022:5923
  • RHSA-2022:5924
  • RHSA-2022:6040
  • RHSA-2022:6042
  • RHSA-2022:6051
  • RHSA-2022:6053
  • RHSA-2022:6061
  • RHSA-2022:6062
  • RHSA-2022:6065
  • RHSA-2022:6066
  • RHSA-2022:6103
  • RHSA-2022:6113
  • RHSA-2022:6152
  • RHSA-2022:6182
  • RHSA-2022:6183
  • RHSA-2022:6184
  • RHSA-2022:6187
  • RHSA-2022:6188
  • RHSA-2022:6262
  • RHSA-2022:6290
  • RHSA-2022:6308
  • RHSA-2022:6344
  • RHSA-2022:6345
  • RHSA-2022:6346
  • RHSA-2022:6347
  • RHSA-2022:6348
  • RHSA-2022:6370
  • RHSA-2022:6429
  • RHSA-2022:6430
  • RHSA-2022:6517
  • RHSA-2022:6560
  • RHSA-2022:6714
  • RHSA-2022:7398
  • RHSA-2022:7519
  • RHSA-2022:7529
  • RHSA-2022:7648
  • RHSA-2022:8057
  • RHSA-2022:8098
  • RHSA-2022:8250
  • RHSA-2023:0407
  • RHSA-2023:0408
  • RHSA-2023:0727
  • RHSA-2023:1042
  • RHSA-2023:1529
  • RHSA-2023:2758
  • RHSA-2023:2802
  • RHSA-2023:3642
View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;