CVE-2022-23772 Overflowing SetString can lead to Uncontrolled Memory Consumption in Go before 1.16.14 and 1.17.x.


This can be mitigated by using the Pointer type, or by creating a new struct with a zero value for the second field. For more information, see https://golang.org/issue/9679. The issue has been addressed in Go 1.17.7. Older versions of Go are vulnerable if they do a direct comparison between a pointer and a non-pointer value. If a function expects a non-pointer as an input and receives a pointer as an input, then a ValueError will be thrown. The following code snippet is an example of how this can occur:

```go
// DoSomething takes a pointer argument; the nil check guards against a
// caller passing an unset pointer before the value is used.
func DoSomething(x *int) {
	if x == nil {
		// handle error
		return
	}
}
```

References

https://golang.org/issue/9679

https://golangx.blogspot.com/2018/02/what-is-pointer-in-go-language.html

