CVE-2022-24675 PEM encoding in Go before 1.17.9 and 1.18.x could have a Decode stack overflow.

A local attacker can exploit this to cause a denial of service (memory consumption). Go 1.17.9 and 1.18.x before 1.18.1 are vulnerable to stack overflow due to a Decode call with a very large number of parameters. Before upgrading to Go 1.18.1, make sure to apply the CVE patch outlined in Go 1.18.1 fixes Decode stack overflow due to a Decode call with a very large number of parameters. For more information about these vulnerabilities, see the RedPulse blog.

Summary

RedPulse would like to inform users of the following vulnerabilities:

CVE-2022-24675 - A local attacker can exploit this to cause a denial of service (memory consumption). Go 1.17.9 and 1.18.x before 1.18.1 are vulnerable to stack overflow due to a Decode call with a very large number of parameters. Before upgrading to Go 1.18.1, make sure to apply the CVE patch outlined in Go 1.18.1 fixes Decode stack overflow due to a Decode call with a very large number of parameters. For more information about these vulnerabilities, see the RedPulse blog.
