CVE-2022-30630
Summary
| CVE | CVE-2022-30630 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-10 20:15:00 UTC |
|---|
| Updated | 2023-11-07 03:47:00 UTC |
|---|
| Description | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Fedoraproject |
Fedora |
35 |
All |
All |
All |
| Application |
Golang |
Go |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| go.dev/cl/417065 |
MISC |
go.dev |
|
| fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 - go - Git at Google |
MISC |
go.googlesource.com |
|
| io/fs: stack exhaustion in Glob · Issue #53415 · golang/go · GitHub |
MISC |
go.dev |
|
| [security] Go 1.18.4 and Go 1.17.12 are released |
MISC |
groups.google.com |
|
| [SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| GO-2022-0527 - Go Packages |
MISC |
pkg.go.dev |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160009 Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2022-5799)
- 160017 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2022-5775)
- 160173 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2022-7129)
- 160202 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-23681)
- 160237 Oracle Enterprise Linux Security Update for container-tools:3.0 (ELSA-2022-7529)
- 160238 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-7519)
- 160241 Oracle Enterprise Linux Security Update for grafana-pcp (ELSA-2022-7648)
- 160278 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-8057)
- 160306 Oracle Enterprise Linux Security Update for grafana-pcp (ELSA-2022-8250)
- 160322 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-24267)
- 160582 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2357)
- 160678 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-2758)
- 160696 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-2802)
- 182778 Debian Security Update for golang-1.19 (CVE-2022-30630)
- 199304 Ubuntu Security Notification for Go Vulnerabilities (USN-6038-1)
- 240580 Red Hat Update for go-toolset:rhel8 (RHSA-2022:5775)
- 240639 Red Hat Update for go-toolset and golang (RHSA-2022:5799)
- 240773 Red Hat Update for git-lfs (RHSA-2022:7129)
- 240821 Red Hat Update for container-tools:3.0 (RHSA-2022:7529)
- 240839 Red Hat Update for grafana-pcp (RHSA-2022:7648)
- 240850 Red Hat Update for grafana security (RHSA-2022:7519)
- 240889 Red Hat Update for toolbox (RHSA-2022:8098)
- 240902 Red Hat Update for grafana security (RHSA-2022:8057)
- 240903 Red Hat Update for grafana-pcp (RHSA-2022:8250)
- 241268 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1275)
- 241467 Red Hat Update for git-lfs (RHSA-2023:2357)
- 241486 Red Hat Update for container-tools:4.0 (RHSA-2023:2802)
- 241505 Red Hat Update for container-tools:rhel8 security (RHSA-2023:2758)
- 283049 Fedora Security Update for fzf (FEDORA-2022-30c5ed5625)
- 354064 Amazon Linux Security Advisory for golist : ALAS2-2022-1847
- 354067 Amazon Linux Security Advisory for golang : ALAS2-2022-1846
- 354069 Amazon Linux Security Advisory for golang : ALAS-2022-1635
- 354083 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2022-020
- 354088 Amazon Linux Security Advisory for golang-github-syndtr-gocapability : ALAS2-2022-1865
- 354089 Amazon Linux Security Advisory for golang-googlecode-sqlite : ALAS2-2022-1862
- 354090 Amazon Linux Security Advisory for golang-github-kr-pty : ALAS2-2022-1864
- 354091 Amazon Linux Security Advisory for go-rpm-macros : ALAS2-2022-1863
- 354092 Amazon Linux Security Advisory for golang-googlecode-net : ALAS2-2022-1861
- 354093 Amazon Linux Security Advisory for golang-github-gorilla-mux : ALAS2-2022-1860
- 354094 Amazon Linux Security Advisory for golang-github-gorilla-context : ALAS2-2022-1859
- 354096 Amazon Linux Security Advisory for golang-github-godbus-dbus : ALAS2-2022-1858
- 354297 Amazon Linux Security Advisory for golang : ALAS2022-2022-128
- 354370 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2022-2022-140
- 354493 Amazon Linux Security Advisory for golist : ALAS2022-2022-133
- 354504 Amazon Linux Security Advisory for golist : ALAS2022-2022-192
- 354527 Amazon Linux Security Advisory for golang : ALAS2022-2022-193
- 354566 Amazon Linux Security Advisory for golang : ALAS-2022-193
- 355111 Amazon Linux Security Advisory for golist : ALAS2023-2023-046
- 355186 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2023-2023-047
- 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
- 376985 Alibaba Cloud Linux Security Update for go-toolset:rhel8 (ALINUX3-SA-2022:0152)
- 377746 Alibaba Cloud Linux Security Update for git-lfs (ALINUX3-SA-2022:0180)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 502459 Alpine Linux Security Update for go
- 502857 Alpine Linux Security Update for go
- 690898 Free Berkeley Software Distribution (FreeBSD) Security Update for go (a4f2416c-02a0-11ed-b817-10c37b4ac2ea)
- 710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
- 752444 SUSE Enterprise Linux Security Update for go1.17 (SUSE-SU-2022:2671-1)
- 753134 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2022:2672-1)
- 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)
- 902711 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10515)
- 902728 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10533)
- 903966 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10533-1)
- 904006 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10515-1)
- 907779 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10515-2)
- 907798 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10533-2)
- 940609 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2022:5775)
- 940627 AlmaLinux Security Update for go-toolset and golang (ALSA-2022:5799)
- 940722 AlmaLinux Security Update for git-lfs (ALSA-2022:7129)
- 940744 AlmaLinux Security Update for grafana-pcp (ALSA-2022:7648)
- 940770 AlmaLinux Security Update for grafana (ALSA-2022:7519)
- 940773 AlmaLinux Security Update for container-tools:3.0 (ALSA-2022:7529)
- 940805 AlmaLinux Security Update for grafana-pcp (ALSA-2022:8250)
- 940816 AlmaLinux Security Update for toolbox (ALSA-2022:8098)
- 940826 AlmaLinux Security Update for grafana (ALSA-2022:8057)
- 941053 AlmaLinux Security Update for git-lfs (ALSA-2023:2357)
- 941090 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:2802)
- 941116 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:2758)
- 960463 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2022:5775)
- 960528 Rocky Linux Security Update for grafana (RLSA-2022:8057)
- 960541 Rocky Linux Security Update for grafana-pcp (RLSA-2022:8250)
- 960563 Rocky Linux Security Update for grafana-pcp (RLSA-2022:7648)
- 960593 Rocky Linux Security Update for toolbox (RLSA-2022:8098)
- 960603 Rocky Linux Security Update for container-tools:3.0 (RLSA-2022:7529)
- 960612 Rocky Linux Security Update for go-toolset and golang (RLSA-2022:5799)
