CVE-2022-24675

Description

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.179

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 7.0.5 | Windows
Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 6.6.6 | Windows
Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 7.1.1 | Windows
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update go-toolset-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-bin-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-docs-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-misc-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-race-1.17.10-1.module+el8.6.0+15486+6d4da7db.x86_64.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-src-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm | Linux
(RHSA-2022:5337) go-toolset:rhel8 security and bug fix update golang-tests-1.17.10-1.module+el8.6.0+15486+6d4da7db.noarch.rpm | Linux
Delve update (ELSA-2022-5337) delve-1.7.2-1.0.1.module+el8.6.0+20559+3b94dc2a.x86_64.rpm | Linux
Go-toolset update (ELSA-2022-5337) go-toolset-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpm | Linux
Golang update (ELSA-2022-5337) golang-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpm | Linux
Golang-bin update (ELSA-2022-5337) golang-bin-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpm | Linux
Golang-docs update (ELSA-2022-5337) golang-docs-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpm | Linux
Golang-misc update (ELSA-2022-5337) golang-misc-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpm | Linux
Golang-race update (ELSA-2022-5337) golang-race-1.17.10-1.module+el8.6.0+20691+4e76a6d9.x86_64.rpm | Linux
Golang-src update (ELSA-2022-5337) golang-src-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpm | Linux
Golang-tests update (ELSA-2022-5337) golang-tests-1.17.10-1.module+el8.6.0+20691+4e76a6d9.noarch.rpm | Linux
SUSE-SU-2023:2312-1 (Development Tools Module 15-SP4) go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2312-1 (Development Tools Module 15-SP4) go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2312-1 (Development Tools Module 15-SP4) go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64.rpm | Linux
golang-github-godbus-dbus Security Update (ALAS-2022-1858) golang-github-godbus-dbus-devel-0-0.1.gitcb98efb.amzn2.0.2.noarch.rpm | Linux
golang-github-gorilla-context Security Update (ALAS-2022-1859) golang-github-gorilla-context-devel-0-0.24.gitb06ed15.amzn2.0.4.x86_64.rpm | Linux
golang-github-gorilla-mux Security Update (ALAS-2022-1860) golang-github-gorilla-mux-devel-0-0.16.git136d54f.amzn2.0.2.noarch.rpm | Linux
golang-googlecode-net Security Update (ALAS-2022-1861) golang-googlecode-net-devel-0-0.12.hg84a4013f96e0.amzn2.0.2.noarch.rpm | Linux
golang-googlecode-sqlite Security Update (ALAS-2022-1862) golang-googlecode-sqlite-devel-0-0.9.hg74691fb6f837.amzn2.0.4.x86_64.rpm | Linux
go-rpm-macros Security Update (ALAS-2022-1863) go-filesystem-3.0.15-23.amzn2.0.2.x86_64.rpm | Linux
go-rpm-macros Security Update (ALAS-2022-1863) go-rpm-macros-3.0.15-23.amzn2.0.2.x86_64.rpm | Linux
go-rpm-macros Security Update (ALAS-2022-1863) go-srpm-macros-3.0.15-23.amzn2.0.2.noarch.rpm | Linux
go-rpm-macros Security Update (ALAS-2022-1863) go-rpm-templates-3.0.15-23.amzn2.0.2.noarch.rpm | Linux
golang-github-kr-pty Security Update (ALAS-2022-1864) golang-github-kr-pty-devel-0-0.19.git98c7b80.amzn2.0.3.x86_64.rpm | Linux
golang-github-syndtr-gocapability Security Update (ALAS-2022-1865) golang-github-syndtr-gocapability-devel-0-0.5.git3454319.amzn2.0.3.x86_64.rpm | Linux
golist Security Update (ALAS-2023-046) golist-0.10.1-11.amzn2023.0.3.x86_64.rpm | Linux
golang-github-cpuguy83-md2man Security Update (ALAS-2023-047) golang-github-cpuguy83-md2man-2.0.2-22.amzn2023.0.2.x86_64.rpm | Linux
golang-github-cpuguy83-md2man Security Update (ALAS-2023-047) golang-github-cpuguy83-md2man-devel-2.0.2-22.amzn2023.0.2.noarch.rpm | Linux
golang-github-cpuguy83-md2man Security Update (ALAS-2023-047) compat-golang-github-cpuguy83-md2man-2-devel-2.0.2-22.amzn2023.0.2.noarch.rpm | Linux
golang-github-godbus-dbus Security Update (ALAS2-2022-1858) golang-github-godbus-dbus-devel-0-0.1.gitcb98efb.amzn2.0.2.noarch.rpm | Linux
golang-github-gorilla-context Security Update (ALAS2-2022-1859) golang-github-gorilla-context-devel-0-0.24.gitb06ed15.amzn2.0.4.x86_64.rpm | Linux
golang-github-gorilla-mux Security Update (ALAS2-2022-1860) golang-github-gorilla-mux-devel-0-0.16.git136d54f.amzn2.0.2.noarch.rpm | Linux
golang-googlecode-net Security Update (ALAS2-2022-1861) golang-googlecode-net-devel-0-0.12.hg84a4013f96e0.amzn2.0.2.noarch.rpm | Linux
golang-googlecode-sqlite Security Update (ALAS2-2022-1862) golang-googlecode-sqlite-devel-0-0.9.hg74691fb6f837.amzn2.0.4.x86_64.rpm | Linux
go-rpm-macros Security Update (ALAS2-2022-1863) go-filesystem-3.0.15-23.amzn2.0.2.x86_64.rpm | Linux
go-rpm-macros Security Update (ALAS2-2022-1863) go-rpm-macros-3.0.15-23.amzn2.0.2.x86_64.rpm | Linux
go-rpm-macros Security Update (ALAS2-2022-1863) go-rpm-templates-3.0.15-23.amzn2.0.2.noarch.rpm | Linux
go-rpm-macros Security Update (ALAS2-2022-1863) go-srpm-macros-3.0.15-23.amzn2.0.2.noarch.rpm | Linux
golang-github-kr-pty Security Update (ALAS2-2022-1864) golang-github-kr-pty-devel-0-0.19.git98c7b80.amzn2.0.3.x86_64.rpm | Linux
golang-github-syndtr-gocapability Security Update (ALAS2-2022-1865) golang-github-syndtr-gocapability-devel-0-0.5.git3454319.amzn2.0.3.x86_64.rpm | Linux
golist Security Update (ALAS2023-2023-046) golist-0.10.1-11.amzn2023.0.3.x86_64.rpm | Linux
golang-github-cpuguy83-md2man Security Update (ALAS2023-2023-047) compat-golang-github-cpuguy83-md2man-2-devel-2.0.2-22.amzn2023.0.2.noarch.rpm | Linux
golang-github-cpuguy83-md2man Security Update (ALAS2023-2023-047) golang-github-cpuguy83-md2man-2.0.2-22.amzn2023.0.2.x86_64.rpm | Linux
golang-github-cpuguy83-md2man Security Update (ALAS2023-2023-047) golang-github-cpuguy83-md2man-devel-2.0.2-22.amzn2023.0.2.noarch.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-1.19.3-2.amzn2023.0.2.x86_64.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-bin-1.19.3-2.amzn2023.0.2.x86_64.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-docs-1.19.3-2.amzn2023.0.2.noarch.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-misc-1.19.3-2.amzn2023.0.2.noarch.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-race-1.19.3-2.amzn2023.0.2.x86_64.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-shared-1.19.3-2.amzn2023.0.2.x86_64.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-src-1.19.3-2.amzn2023.0.2.noarch.rpm | Linux
golang Security Update (ALAS2023-2023-048) golang-tests-1.19.3-2.amzn2023.0.2.noarch.rpm | Linux

Patch Details

No records found
