CVE-2022-24921

Summary

CVE	CVE-2022-24921
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-05 20:15:00 UTC
Updated	2023-08-08 14:22:00 UTC
Description	regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

Risk And Classification

Problem Types: CWE-674

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Golang	Go	All	All	All	All
Application	Netapp	Astra Trident	-	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3395-1] golang-1.11 security update	MLIST	lists.debian.org
[security] Go 1.17.8 and Go 1.16.15 are released	CONFIRM	groups.google.com
CVE-2022-24921 Golang Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf	MISC	cert-portal.siemens.com
[SECURITY] [DLA 2985-1] golang-1.7 security update	MLIST	lists.debian.org
Go: Multiple Vulnerabilities (GLSA 202208-02) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] [DLA 2986-1] golang-1.8 security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159783 Oracle Enterprise Linux Security Update for olcne istio istio (ELSA-2022-9362)
159784 Oracle Enterprise Linux Security Update for olcne istio istio (ELSA-2022-9363)
159885 Oracle Enterprise Linux Security Update for go-toolset:ol8addon (ELSA-2022-14844)
159886 Oracle Enterprise Linux Security Update for go-toolset:ol8addon (ELSA-2022-14857)
179209 Debian Security Update for golang-1.15 (CVE-2022-24921)
179251 Debian Security Update for golang-1.7 (DLA 2985-1)
179252 Debian Security Update for golang-1.8 (DLA 2986-1)
181743 Debian Security Update for golang-1.11 (DLA 3395-1)
240578 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:5729)
240607 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2022:5068)
353977 Amazon Linux Security Advisory for golang : ALAS2-2022-1811
354041 Amazon Linux Security Advisory for golang : ALAS2-2022-1830
378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
501856 Alpine Linux Security Update for go
502093 Alpine Linux Security Update for go
502299 Alpine Linux Security Update for go
671610 EulerOS Security Update for golang (EulerOS-SA-2022-1534)
671616 EulerOS Security Update for golang (EulerOS-SA-2022-1566)
671754 EulerOS Security Update for golang (EulerOS-SA-2022-1805)
671755 EulerOS Security Update for golang (EulerOS-SA-2022-1788)
671783 EulerOS Security Update for golang (EulerOS-SA-2022-1841)
671789 EulerOS Security Update for golang (EulerOS-SA-2022-1865)
690818 Free Berkeley Software Distribution (FreeBSD) Security Update for go (e2af876f-a7c8-11ec-9a2a-002324b2fba8)
710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
752030 SUSE Enterprise Linux Security Update for go1.17 (SUSE-SU-2022:1167-1)
752032 SUSE Enterprise Linux Security Update for go1.16 (SUSE-SU-2022:1164-1)
770160 Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:5729)
770161 Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:5068)
900730 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (8876)
901879 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (8898-1)
907784 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (8876-1)
907845 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (8898-2)
960300 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2022:5337)
960612 Rocky Linux Security Update for go-toolset and golang (RLSA-2022:5799)