CVE-2022-30632
Published on: Not Yet Published
Last Modified on: 06/08/2023 09:09:41 PM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
- CVE-2022-30632 has been assigned by secu[email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Go standard library - path/filepath version < 1.17.12
- Affected Vendor/Software: Go standard library - path/filepath version < 1.18.4
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVE References
Description | Tags |
---|---|
path/filepath: stack exhaustion in Glob · Issue #53416 · golang/go · GitHub | go.dev text/html |
No Description Provided | go.dev text/html |
GO-2022-0522 - Go Packages | pkg.go.dev text/html |
[security] Go 1.18.4 and Go 1.17.12 are released | groups.google.com text/html |
ac68c6c683409f98250d34ad282b9e1b0c9095ef - go - Git at Google | go.googlesource.com text/html |
[SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
Related QID Numbers
- 160009 Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2022-5799)
- 160017 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2022-5775)
- 160173 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2022-7129)
- 160202 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-23681)
- 160237 Oracle Enterprise Linux Security Update for container-tools:3.0 (ELSA-2022-7529)
- 160238 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-7519)
- 160241 Oracle Enterprise Linux Security Update for grafana-pcp (ELSA-2022-7648)
- 160278 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-8057)
- 160306 Oracle Enterprise Linux Security Update for grafana-pcp (ELSA-2022-8250)
- 160322 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-24267)
- 160582 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2357)
- 160678 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-2758)
- 160696 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-2802)
- 183098 Debian Security Update for golang-1.19 (CVE-2022-30632)
- 199304 Ubuntu Security Notification for Go Vulnerabilities (USN-6038-1)
- 240580 Red Hat Update for go-toolset:rhel8 (RHSA-2022:5775)
- 240639 Red Hat Update for go-toolset and golang (RHSA-2022:5799)
- 240773 Red Hat Update for git-lfs (RHSA-2022:7129)
- 240821 Red Hat Update for container-tools:3.0 (RHSA-2022:7529)
- 240839 Red Hat Update for grafana-pcp (RHSA-2022:7648)
- 240850 Red Hat Update for grafana security (RHSA-2022:7519)
- 240889 Red Hat Update for toolbox (RHSA-2022:8098)
- 240902 Red Hat Update for grafana security (RHSA-2022:8057)
- 240903 Red Hat Update for grafana-pcp (RHSA-2022:8250)
- 241268 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1275)
- 241467 Red Hat Update for git-lfs (RHSA-2023:2357)
- 241486 Red Hat Update for container-tools:4.0 (RHSA-2023:2802)
- 241505 Red Hat Update for container-tools:rhel8 security (RHSA-2023:2758)
- 283049 Fedora Security Update for fzf (FEDORA-2022-30c5ed5625)
- 354064 Amazon Linux Security Advisory for golist : ALAS2-2022-1847
- 354067 Amazon Linux Security Advisory for golang : ALAS2-2022-1846
- 354069 Amazon Linux Security Advisory for golang : ALAS-2022-1635
- 354083 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2022-020
- 354088 Amazon Linux Security Advisory for golang-github-syndtr-gocapability : ALAS2-2022-1865
- 354089 Amazon Linux Security Advisory for golang-googlecode-sqlite : ALAS2-2022-1862
- 354090 Amazon Linux Security Advisory for golang-github-kr-pty : ALAS2-2022-1864
- 354091 Amazon Linux Security Advisory for go-rpm-macros : ALAS2-2022-1863
- 354092 Amazon Linux Security Advisory for golang-googlecode-net : ALAS2-2022-1861
- 354093 Amazon Linux Security Advisory for golang-github-gorilla-mux : ALAS2-2022-1860
- 354094 Amazon Linux Security Advisory for golang-github-gorilla-context : ALAS2-2022-1859
- 354096 Amazon Linux Security Advisory for golang-github-godbus-dbus : ALAS2-2022-1858
- 354297 Amazon Linux Security Advisory for golang : ALAS2022-2022-128
- 354370 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2022-2022-140
- 354493 Amazon Linux Security Advisory for golist : ALAS2022-2022-133
- 354504 Amazon Linux Security Advisory for golist : ALAS2022-2022-192
- 354527 Amazon Linux Security Advisory for golang : ALAS2022-2022-193
- 354566 Amazon Linux Security Advisory for golang : ALAS-2022-193
- 355111 Amazon Linux Security Advisory for golist : ALAS2023-2023-046
- 355186 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2023-2023-047
- 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
- 376985 Alibaba Cloud Linux Security Update for go-toolset:rhel8 (ALINUX3-SA-2022:0152)
- 377746 Alibaba Cloud Linux Security Update for git-lfs (ALINUX3-SA-2022:0180)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 502459 Alpine Linux Security Update for go
- 502857 Alpine Linux Security Update for go
- 672085 EulerOS Security Update for golang (EulerOS-SA-2022-2317)
- 672112 EulerOS Security Update for golang (EulerOS-SA-2022-2288)
- 672294 EulerOS Security Update for golang (EulerOS-SA-2022-2651)
- 672302 EulerOS Security Update for golang (EulerOS-SA-2022-2683)
- 672320 EulerOS Security Update for golang (EulerOS-SA-2022-2710)
- 690898 Free Berkeley Software Distribution (FreeBSD) Security Update for go (a4f2416c-02a0-11ed-b817-10c37b4ac2ea)
- 710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
- 752444 SUSE Enterprise Linux Security Update for go1.17 (SUSE-SU-2022:2671-1)
- 753134 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2022:2672-1)
- 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)
- 902722 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10517)
- 902740 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10535)
- 903946 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10535-1)
- 904007 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10517-1)
- 940609 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2022:5775)
- 940627 AlmaLinux Security Update for go-toolset and golang (ALSA-2022:5799)
- 940722 AlmaLinux Security Update for git-lfs (ALSA-2022:7129)
- 940744 AlmaLinux Security Update for grafana-pcp (ALSA-2022:7648)
- 940770 AlmaLinux Security Update for grafana (ALSA-2022:7519)
- 940773 AlmaLinux Security Update for container-tools:3.0 (ALSA-2022:7529)
- 940805 AlmaLinux Security Update for grafana-pcp (ALSA-2022:8250)
- 940816 AlmaLinux Security Update for toolbox (ALSA-2022:8098)
- 940826 AlmaLinux Security Update for grafana (ALSA-2022:8057)
- 941053 AlmaLinux Security Update for git-lfs (ALSA-2023:2357)
- 941090 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:2802)
- 941116 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:2758)
- 960463 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2022:5775)
- 960528 Rocky Linux Security Update for grafana (RLSA-2022:8057)
- 960541 Rocky Linux Security Update for grafana-pcp (RLSA-2022:8250)
- 960563 Rocky Linux Security Update for grafana-pcp (RLSA-2022:7648)
- 960593 Rocky Linux Security Update for toolbox (RLSA-2022:8098)
- 960603 Rocky Linux Security Update for container-tools:3.0 (RLSA-2022:7529)
- 960612 Rocky Linux Security Update for go-toolset and golang (RLSA-2022:5799)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Fedoraproject | Fedora | 35 | All | All | All |
Application | Golang | Go | All | All | All | All |
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Title | Posted (UTC) |
---|---|
Three more CVEs: CVE-2022-30632 CVE-2022-30631 CVE-2022-30630 | 2022-06-21 08:42:28 |
CVE-2022-30632 : Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker… twitter.com/i/web/status/1… | 2022-08-10 20:36:50 |
CVE-2022-30632 | 2022-08-10 21:38:11 |
I found a cryptocurrency miner in my home-assistant container | 2023-08-25 09:48:49 |