CVE-2022-30635

CVE Details

Release Date:

2022-08-10

Description

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

See more information about CVE-2022-30635 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	7.5	Base Metrics:	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector:	Network	Attack Complexity:	Low
Privileges Required:	None	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (delve)	ELSA-2022-23681	2022-11-07
Oracle Linux version 8 (delve)	ELSA-2022-24267	2022-11-23
Oracle Linux version 8 (delve)	ELSA-2022-5775	2022-08-03
Oracle Linux version 8 (git-lfs)	ELSA-2022-7129	2022-10-26
Oracle Linux version 8 (go-toolset)	ELSA-2022-23681	2022-11-07
Oracle Linux version 8 (go-toolset)	ELSA-2022-24267	2022-11-23
Oracle Linux version 8 (go-toolset)	ELSA-2022-5775	2022-08-03
Oracle Linux version 8 (golang)	ELSA-2022-23681	2022-11-07
Oracle Linux version 8 (golang)	ELSA-2022-24267	2022-11-23
Oracle Linux version 8 (golang)	ELSA-2022-5775	2022-08-03
Oracle Linux version 8 (grafana)	ELSA-2022-7519	2022-11-15
Oracle Linux version 8 (grafana-pcp)	ELSA-2022-7648	2022-11-15
Oracle Linux version 9 (go-toolset)	ELSA-2022-5799	2022-08-02
Oracle Linux version 9 (golang)	ELSA-2022-5799	2022-08-02
Oracle Linux version 9 (grafana)	ELSA-2022-8057	2022-11-22
Oracle Linux version 9 (grafana-pcp)	ELSA-2022-8250	2022-11-22

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team