csaf_opensuse - opensuse-su-2024:12190-1

opensuse-su-2024:12190-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

go1.18-1.18.4-1.1 on GA media

Notes

Title of the patch

go1.18-1.18.4-1.1 on GA media

Description of the patch

These are all security issues fixed in the go1.18-1.18.4-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-12190

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "go1.18-1.18.4-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the go1.18-1.18.4-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12190",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12190-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1705 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1705/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1962 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1962/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-28131 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-28131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-30630 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-30630/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-30631 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-30631/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-30632 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-30632/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-30633 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-30633/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-30635 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-30635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-32148 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-32148/"
      }
    ],
    "title": "go1.18-1.18.4-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12190-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.18-1.18.4-1.1.aarch64",
                "product": {
                  "name": "go1.18-1.18.4-1.1.aarch64",
                  "product_id": "go1.18-1.18.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-doc-1.18.4-1.1.aarch64",
                "product": {
                  "name": "go1.18-doc-1.18.4-1.1.aarch64",
                  "product_id": "go1.18-doc-1.18.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-race-1.18.4-1.1.aarch64",
                "product": {
                  "name": "go1.18-race-1.18.4-1.1.aarch64",
                  "product_id": "go1.18-race-1.18.4-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.18-1.18.4-1.1.ppc64le",
                "product": {
                  "name": "go1.18-1.18.4-1.1.ppc64le",
                  "product_id": "go1.18-1.18.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-doc-1.18.4-1.1.ppc64le",
                "product": {
                  "name": "go1.18-doc-1.18.4-1.1.ppc64le",
                  "product_id": "go1.18-doc-1.18.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-race-1.18.4-1.1.ppc64le",
                "product": {
                  "name": "go1.18-race-1.18.4-1.1.ppc64le",
                  "product_id": "go1.18-race-1.18.4-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.18-1.18.4-1.1.s390x",
                "product": {
                  "name": "go1.18-1.18.4-1.1.s390x",
                  "product_id": "go1.18-1.18.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-doc-1.18.4-1.1.s390x",
                "product": {
                  "name": "go1.18-doc-1.18.4-1.1.s390x",
                  "product_id": "go1.18-doc-1.18.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-race-1.18.4-1.1.s390x",
                "product": {
                  "name": "go1.18-race-1.18.4-1.1.s390x",
                  "product_id": "go1.18-race-1.18.4-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go1.18-1.18.4-1.1.x86_64",
                "product": {
                  "name": "go1.18-1.18.4-1.1.x86_64",
                  "product_id": "go1.18-1.18.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-doc-1.18.4-1.1.x86_64",
                "product": {
                  "name": "go1.18-doc-1.18.4-1.1.x86_64",
                  "product_id": "go1.18-doc-1.18.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "go1.18-race-1.18.4-1.1.x86_64",
                "product": {
                  "name": "go1.18-race-1.18.4-1.1.x86_64",
                  "product_id": "go1.18-race-1.18.4-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-1.18.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64"
        },
        "product_reference": "go1.18-1.18.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-1.18.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le"
        },
        "product_reference": "go1.18-1.18.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-1.18.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x"
        },
        "product_reference": "go1.18-1.18.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-1.18.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64"
        },
        "product_reference": "go1.18-1.18.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-doc-1.18.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64"
        },
        "product_reference": "go1.18-doc-1.18.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-doc-1.18.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le"
        },
        "product_reference": "go1.18-doc-1.18.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-doc-1.18.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x"
        },
        "product_reference": "go1.18-doc-1.18.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-doc-1.18.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64"
        },
        "product_reference": "go1.18-doc-1.18.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-race-1.18.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64"
        },
        "product_reference": "go1.18-race-1.18.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-race-1.18.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le"
        },
        "product_reference": "go1.18-race-1.18.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-race-1.18.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x"
        },
        "product_reference": "go1.18-race-1.18.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go1.18-race-1.18.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        },
        "product_reference": "go1.18-race-1.18.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1705",
          "url": "https://www.suse.com/security/cve/CVE-2022-1705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201434 for CVE-2022-1705",
          "url": "https://bugzilla.suse.com/1201434"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1962",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1962"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1962",
          "url": "https://www.suse.com/security/cve/CVE-2022-1962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201448 for CVE-2022-1962",
          "url": "https://bugzilla.suse.com/1201448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-28131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-28131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-28131",
          "url": "https://www.suse.com/security/cve/CVE-2022-28131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201443 for CVE-2022-28131",
          "url": "https://bugzilla.suse.com/1201443"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-30630",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-30630"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-30630",
          "url": "https://www.suse.com/security/cve/CVE-2022-30630"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201447 for CVE-2022-30630",
          "url": "https://bugzilla.suse.com/1201447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-30631"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-30631",
          "url": "https://www.suse.com/security/cve/CVE-2022-30631"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201437 for CVE-2022-30631",
          "url": "https://bugzilla.suse.com/1201437"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-30632"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-30632",
          "url": "https://www.suse.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201445 for CVE-2022-30632",
          "url": "https://bugzilla.suse.com/1201445"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-30633"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \u0027any\u0027 field tag.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-30633",
          "url": "https://www.suse.com/security/cve/CVE-2022-30633"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201440 for CVE-2022-30633",
          "url": "https://bugzilla.suse.com/1201440"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-30635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-30635",
          "url": "https://www.suse.com/security/cve/CVE-2022-30635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201444 for CVE-2022-30635",
          "url": "https://bugzilla.suse.com/1201444"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-32148",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-32148"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
          "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-32148",
          "url": "https://www.suse.com/security/cve/CVE-2022-32148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201436 for CVE-2022-32148",
          "url": "https://bugzilla.suse.com/1201436"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-doc-1.18.4-1.1.x86_64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.aarch64",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.ppc64le",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.s390x",
            "openSUSE Tumbleweed:go1.18-race-1.18.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-32148"
    }
  ]
}

CVE-2022-30630 (GCVE-0-2022-30630)

Vulnerability from cvelistv5

Published

2022-08-09 20:17

Modified

2024-08-03 06:56

Severity ?

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

References

URL

Tags

	https://go.dev/cl/417065
	https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
	https://go.dev/issue/53415
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0527

Impacted products

	Vendor	Product	Version
	Go standard library	io/fs	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:12.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417065"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "io/fs",
          "product": "io/fs",
          "programRoutines": [
            {
              "name": "Glob"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:48.349Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417065"
        },
        {
          "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59"
        },
        {
          "url": "https://go.dev/issue/53415"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0527"
        }
      ],
      "title": "Stack exhaustion in Glob on certain paths in io/fs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30630",
    "datePublished": "2022-08-09T20:17:15",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:12.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30635 (GCVE-0-2022-30635)

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 06:56

Severity ?

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

References

URL

Tags

	https://go.dev/cl/417064
	https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7
	https://go.dev/issue/53615
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0526

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/gob	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0526"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/gob",
          "product": "encoding/gob",
          "programRoutines": [
            {
              "name": "Decoder.decIgnoreOpFor"
            },
            {
              "name": "Decoder.compileIgnoreSingle"
            },
            {
              "name": "Decoder.compileDec"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:46.476Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417064"
        },
        {
          "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7"
        },
        {
          "url": "https://go.dev/issue/53615"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0526"
        }
      ],
      "title": "Stack exhaustion when decoding certain messages in encoding/gob"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30635",
    "datePublished": "2022-08-09T20:16:05",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1962 (GCVE-0-2022-1962)

Vulnerability from cvelistv5

Published

2022-08-09 20:18

Modified

2024-08-03 00:24

Severity ?

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

References

URL

Tags

	https://go.dev/cl/417063
	https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879
	https://go.dev/issue/53616
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0515

Impacted products

	Vendor	Product	Version
	Go standard library	go/parser	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:43.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0515"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/parser",
          "product": "go/parser",
          "programRoutines": [
            {
              "name": "ParseFile"
            },
            {
              "name": "ParseExprFrom"
            },
            {
              "name": "parser.tryIdentOrType"
            },
            {
              "name": "parser.parsePrimaryExpr"
            },
            {
              "name": "parser.parseUnaryExpr"
            },
            {
              "name": "parser.parseBinaryExpr"
            },
            {
              "name": "parser.parseIfStmt"
            },
            {
              "name": "parser.parseStmt"
            },
            {
              "name": "resolver.openScope"
            },
            {
              "name": "resolver.closeScope"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:29.406Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417063"
        },
        {
          "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879"
        },
        {
          "url": "https://go.dev/issue/53616"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0515"
        }
      ],
      "title": "Stack exhaustion due to deeply nested types in go/parser"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-1962",
    "datePublished": "2022-08-09T20:18:18",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-08-03T00:24:43.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30631 (GCVE-0-2022-30631)

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2025-10-20 17:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

References

URL

Tags

	https://go.dev/cl/417067
	https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e
	https://go.dev/issue/53168
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0524

Impacted products

	Vendor	Product	Version
	Go standard library	compress/gzip	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417067"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53168"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0524"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-30631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T17:51:07.776953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-20T17:51:28.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "compress/gzip",
          "product": "compress/gzip",
          "programRoutines": [
            {
              "name": "Reader.Read"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:40.977Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417067"
        },
        {
          "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e"
        },
        {
          "url": "https://go.dev/issue/53168"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0524"
        }
      ],
      "title": "Stack exhaustion when reading certain archives in compress/gzip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30631",
    "datePublished": "2022-08-09T20:16:32.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2025-10-20T17:51:28.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28131 (GCVE-0-2022-28131)

Vulnerability from cvelistv5

Published

2022-08-09 00:00

Modified

2024-08-03 05:48

Severity ?

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

References

URL

Tags

	https://go.dev/cl/417062
	https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3
	https://go.dev/issue/53614
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0521

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/xml	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:36.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53614"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/xml",
          "product": "encoding/xml",
          "programRoutines": [
            {
              "name": "Decoder.Skip"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Go Security Team"
        },
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:35.004Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417062"
        },
        {
          "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3"
        },
        {
          "url": "https://go.dev/issue/53614"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0521"
        }
      ],
      "title": "Stack exhaustion from deeply nested XML documents in encoding/xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-28131",
    "datePublished": "2022-08-09T00:00:00",
    "dateReserved": "2022-03-29T00:00:00",
    "dateUpdated": "2024-08-03T05:48:36.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30633 (GCVE-0-2022-30633)

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 06:56

Severity ?

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

References

URL

Tags

	https://go.dev/cl/417061
	https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
	https://go.dev/issue/53611
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0523

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/xml	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0523"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/xml",
          "product": "encoding/xml",
          "programRoutines": [
            {
              "name": "Decoder.DecodeElement"
            },
            {
              "name": "Decoder.unmarshal"
            },
            {
              "name": "Decoder.unmarshalPath"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \u0027any\u0027 field tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:39.511Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417061"
        },
        {
          "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08"
        },
        {
          "url": "https://go.dev/issue/53611"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0523"
        }
      ],
      "title": "Stack exhaustion when unmarshaling certain documents in encoding/xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30633",
    "datePublished": "2022-08-09T20:16:19",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32148 (GCVE-0-2022-32148)

Vulnerability from cvelistv5

Published

2022-08-09 20:18

Modified

2024-08-03 07:32

Severity ?

CWE

CWE-200: Information Exposure

Summary

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

References

URL

Tags

	https://go.dev/cl/412857
	https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a
	https://go.dev/issue/53423
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0520

Impacted products

	Vendor	Product	Version
	Go standard library	net/http	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/412857"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53423"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Header.Clone"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Christian Mehlmauer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-200: Information Exposure",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:32.608Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/412857"
        },
        {
          "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a"
        },
        {
          "url": "https://go.dev/issue/53423"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0520"
        }
      ],
      "title": "Exposure of client IP addresses in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-32148",
    "datePublished": "2022-08-09T20:18:21",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-08-03T07:32:55.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30632 (GCVE-0-2022-30632)

Vulnerability from cvelistv5

Published

2022-08-09 20:15

Modified

2024-08-03 06:56

Severity ?

CWE

CWE-674: Uncontrolled Recursion

Summary

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

References

URL

Tags

	https://go.dev/cl/417066
	https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef
	https://go.dev/issue/53416
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0522

Impacted products

	Vendor	Product	Version
	Go standard library	path/filepath	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/417066"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53416"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "path/filepath",
          "product": "path/filepath",
          "programRoutines": [
            {
              "name": "Glob"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:36.688Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/417066"
        },
        {
          "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
        },
        {
          "url": "https://go.dev/issue/53416"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0522"
        }
      ],
      "title": "Stack exhaustion on crafted paths in path/filepath"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-30632",
    "datePublished": "2022-08-09T20:15:37",
    "dateReserved": "2022-05-12T00:00:00",
    "dateUpdated": "2024-08-03T06:56:13.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1705 (GCVE-0-2022-1705)

Vulnerability from cvelistv5

Published

2022-08-09 20:16

Modified

2024-08-03 00:10

Severity ?

CWE

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Summary

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

References

URL

Tags

	https://go.dev/cl/409874
	https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
	https://go.dev/issue/53188
	https://go.dev/cl/410714
	https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
	https://pkg.go.dev/vuln/GO-2022-0525

Impacted products

	Vendor	Product	Version
	Go standard library	net/http	Version: 0 ≤ Version: 1.18.0-0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/409874"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/53188"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/410714"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2022-0525"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "transferReader.parseTransferEncoding"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.17.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.4",
              "status": "affected",
              "version": "1.18.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Zeyu Zhang (https://www.zeyu2001.com/)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:04:43.089Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/409874"
        },
        {
          "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f"
        },
        {
          "url": "https://go.dev/issue/53188"
        },
        {
          "url": "https://go.dev/cl/410714"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2022-0525"
        }
      ],
      "title": "Improper sanitization of Transfer-Encoding headers in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-1705",
    "datePublished": "2022-08-09T20:16:57",
    "dateReserved": "2022-05-13T00:00:00",
    "dateUpdated": "2024-08-03T00:10:03.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:12190-1

Vulnerability from csaf_opensuse

CVE-2022-30630 (GCVE-0-2022-30630)

Vulnerability from cvelistv5

CVE-2022-30635 (GCVE-0-2022-30635)

Vulnerability from cvelistv5

CVE-2022-1962 (GCVE-0-2022-1962)

Vulnerability from cvelistv5

CVE-2022-30631 (GCVE-0-2022-30631)

Vulnerability from cvelistv5

CVE-2022-28131 (GCVE-0-2022-28131)

Vulnerability from cvelistv5

CVE-2022-30633 (GCVE-0-2022-30633)

Vulnerability from cvelistv5

CVE-2022-32148 (GCVE-0-2022-32148)

Vulnerability from cvelistv5

CVE-2022-30632 (GCVE-0-2022-30632)

Vulnerability from cvelistv5

CVE-2022-1705 (GCVE-0-2022-1705)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature