CVE-2022-41715
Summary
| CVE | CVE-2022-41715 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-14 15:16:00 UTC |
| Updated | 2023-11-25 11:15:00 UTC |
| Description | Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Application | Golang | Go | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security | security.gentoo.org | ||
| [SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| regexp/syntax: limit memory used by parsing regexps · Issue #55949 · golang/go · GitHub | MISC | go.dev | |
| [security] Go 1.19.2 and Go 1.18.7 are released | MISC | groups.google.com | |
| go.dev/cl/439356 | MISC | go.dev | |
| GO-2022-1039 - Go Packages | MISC | pkg.go.dev | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160322 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-24267)
- 160414 Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2023-0328)
- 160440 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2023-0446)
- 160499 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2023-18908)
- 160582 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2357)
- 160597 Oracle Enterprise Linux Security Update for golang-github-cpuguy83-md2man (ELSA-2023-2592)
- 160609 Oracle Enterprise Linux Security Update for image builder (ELSA-2023-2204)
- 160619 Oracle Enterprise Linux Security Update for grafana security and enhancement update (ELSA-2023-2167)
- 160655 Oracle Enterprise Linux Security Update for grafana (ELSA-2023-2784)
- 160663 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2866)
- 160666 Oracle Enterprise Linux Security Update for image builder (ELSA-2023-2780)
- 161289 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2024-0121)
- 183457 Debian Security Update for golang-1.19 (CVE-2022-41715)
- 199304 Ubuntu Security Notification for Go Vulnerabilities (USN-6038-1)
- 241070 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2022:7398)
- 241106 Red Hat Update for go-toolset and golang (RHSA-2023:0328)
- 241132 Red Hat Update for go-toolset:rhel8 (RHSA-2023:0446)
- 241187 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:0727)
- 241268 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1275)
- 241424 Red Hat Update for image builder security (RHSA-2023:2204)
- 241453 Red Hat Update for grafana (RHSA-2023:2167)
- 241467 Red Hat Update for git-lfs (RHSA-2023:2357)
- 241485 Red Hat Update for grafana (RHSA-2023:2784)
- 241490 Red Hat Update for image builder security (RHSA-2023:2780)
- 241520 Red Hat Update for git-lfs (RHSA-2023:2866)
- 241747 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:3613)
- 242882 Red Hat Update for container-tools:4.0 (RHSA-2024:0121)
- 283206 Fedora Security Update for golang (FEDORA-2022-0e313cc582)
- 354133 Amazon Linux Security Advisory for golang : ALAS2-2022-1887
- 354318 Amazon Linux Security Advisory for golist : ALAS2022-2022-240
- 354512 Amazon Linux Security Advisory for golang : ALAS2022-2022-239
- 354547 Amazon Linux Security Advisory for golang : ALAS-2022-239
- 354562 Amazon Linux Security Advisory for golist : ALAS-2022-240
- 354647 Amazon Linux Security Advisory for golist : ALAS2-2023-1913
- 355111 Amazon Linux Security Advisory for golist : ALAS2023-2023-046
- 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
- 356304 Amazon Linux Security Advisory for golang : ALASGOLANG1.19-2023-002
- 378046 Alibaba Cloud Linux Security Update for go-toolset:rhel8 (ALINUX3-SA-2023:0028)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 378652 Alibaba Cloud Linux Security Update for git-lfs (ALINUX3-SA-2023:0071)
- 378707 Alibaba Cloud Linux Security Update for grafana (ALINUX3-SA-2023:0075)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 502529 Alpine Linux Security Update for go
- 502859 Alpine Linux Security Update for go
- 672413 EulerOS Security Update for golang (EulerOS-SA-2022-2795)
- 672476 EulerOS Security Update for golang (EulerOS-SA-2023-1035)
- 672519 EulerOS Security Update for golang (EulerOS-SA-2023-1010)
- 672528 EulerOS Security Update for golang (EulerOS-SA-2023-1100)
- 672533 EulerOS Security Update for golang (EulerOS-SA-2023-1124)
- 672621 EulerOS Security Update for golang (EulerOS-SA-2023-1385)
- 672650 EulerOS Security Update for golang (EulerOS-SA-2023-1357)
- 690952 Free Berkeley Software Distribution (FreeBSD) Security Update for go (854c2afb-4424-11ed-af97-adcabf310f9b)
- 710791 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)
- 753218 SUSE Enterprise Linux Security Update for go1.19 (SUSE-SU-2022:3669-1)
- 753359 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2022:3668-1)
- 753995 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:2183-1)
- 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)
- 754116 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:2578-1)
- 755764 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2024:0487-1)
- 755846 SUSE Enterprise Linux Security Update for golang-github-prometheus-prometheus (SUSE-SU-2023:2598-1)
- 770172 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2022:7398)
- 770176 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:0727)
- 770197 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:3613)
- 904226 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11156)
- 904244 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11130)
- 907765 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11156-1)
- 907843 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11130-1)
- 907898 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11130-2)
- 908059 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (11130-4)
- 940905 AlmaLinux Security Update for go-toolset and golang (ALSA-2023:0328)
- 940911 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2023:0446)
- 941046 AlmaLinux Security Update for grafana (ALSA-2023:2167)
- 941053 AlmaLinux Security Update for git-lfs (ALSA-2023:2357)
- 941060 AlmaLinux Security Update for golang-github-cpuguy83-md2man (ALSA-2023:2592)
- 941063 AlmaLinux Security Update for Image (ALSA-2023:2204)
- 941104 AlmaLinux Security Update for grafana (ALSA-2023:2784)
- 941108 AlmaLinux Security Update for git-lfs (ALSA-2023:2866)
- 941118 AlmaLinux Security Update for Image (ALSA-2023:2780)
- 941535 AlmaLinux Security Update for container-tools:4.0 (ALSA-2024:0121)
- 960489 Rocky Linux Security Update for go-toolset and golang (RLSA-2023:0328)
- 960609 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2023:0446)