7.5

CVE-2022-41715

EPSS 0.01%
Veröffentlicht 14.10.2022 15:16:20
Zuletzt bearbeitet 21.11.2024 07:23:43
Quelle security@golang.org
Teams Watchlist Login
Unerledigt Login

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.18.7

Golang ≫ Go Version >= 1.19.0 < 1.19.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

https://groups.google.com/g/golang-announce/c/xtuG5faxtaU

Mailing List

Release Notes

https://security.gentoo.org/glsa/202311-09

https://go.dev/cl/439356

Patch

https://go.dev/issue/55949

Third Party Advisory

Issue Tracking

https://pkg.go.dev/vuln/GO-2022-1039

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41715

EUVD