Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

References

go.dev/cl/417064

go.dev/issue/53615

go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7

groups.google.com/g/golang-announce/c/nqrv9fbR0zE

pkg.go.dev/vuln/GO-2022-0526

veracode 1

cbl_mariner 2

nessus 71

osv 22

cve 2

alpinelinux 2

nvd 2

ubuntucve 1

prion 1

redhatcve 2

cvelist 2

debiancve 2

vulnrichment 1

oraclelinux 12

rocky 7

almalinux 10

redhat 19

openvas 11

ibm 12

freebsd 1

altlinux 2

mageia 1

suse 2

photon 2

amazon 9

veracode

Denial Of Service (DoS)

2022-07-25 12:55:33

cbl_mariner

CVE-2022-30635 affecting package golang 1.18.3-1

2022-09-17 05:56:44

CVE-2022-30635 affecting package golang for versions less than 1.18.5-1

2022-09-16 06:05:39

nessus

RHEL 9 : heketi (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 8 : heketi (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 9 : grafana-pcp (RHSA-2022:8250)

2022-11-16 00:00:00

osv

BIT-golang-2022-30635

2024-03-06 10:59:22

Stack exhaustion when decoding certain messages in encoding/gob

2022-07-20 20:52:17

Stack exhaustion in Decoder.Decode in encoding/gob

2024-09-06 19:15:23

cve

CVE-2022-30635

2022-08-10 20:15:42

CVE-2024-34156

2024-09-06 21:15:12

alpinelinux

CVE-2022-30635

2022-08-10 20:15:42

CVE-2024-34156

2024-09-06 21:15:12

nvd

CVE-2022-30635

2022-08-10 20:15:42

CVE-2024-34156

2024-09-06 21:15:12

ubuntucve

CVE-2022-30635

2022-08-10 00:00:00

prion

Design/Logic Flaw

2022-08-10 20:15:00

redhatcve

CVE-2022-30635

2022-07-15 10:32:37

CVE-2024-34156

2024-09-07 00:10:01

cvelist

CVE-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob

2022-08-09 20:16:05

CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

2024-09-06 20:42:42

debiancve

CVE-2022-30635

2022-08-10 20:15:42

CVE-2024-34156

2024-09-06 21:15:12

vulnrichment

CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

2024-09-06 20:42:42

oraclelinux

grafana-pcp security update

2022-11-15 00:00:00

grafana-pcp security update

2022-11-22 00:00:00

go-toolset:ol8 security and bug fix update

2022-08-03 00:00:00

rocky

grafana-pcp security update

2022-11-15 06:19:30

grafana-pcp security update

2022-11-08 06:25:29

git-lfs security and bug fix update

2022-10-25 07:32:51

almalinux

Moderate: grafana-pcp security update

2022-11-15 00:00:00

Moderate: grafana-pcp security update

2022-11-08 00:00:00

Important: go-toolset and golang security and bug fix update

2022-08-01 00:00:00

redhat

(RHSA-2022:7648) Moderate: grafana-pcp security update

2022-11-08 06:25:29

(RHSA-2022:8250) Moderate: grafana-pcp security update

2022-11-15 06:19:30

(RHSA-2022:7129) Moderate: git-lfs security and bug fix update

2022-10-25 07:32:51

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2710)

2022-11-04 00:00:00

Mageia: Security Advisory (MGASA-2022-0262)

2022-07-18 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2317)

2022-09-14 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in Golang affect IBM Cloud Pak System

2023-03-31 15:24:19

Security Bulletin: Operations Dashboard is vulnerable to multiple Golang Go vulnerabilities

2022-09-20 15:18:46

Security Bulletin: IBM Cloud Pak for Data is vulnerable to various issues due to go compiler ( CVE-2022-30630, CVE-2022-30635, CVE-2022-32148, CVE-2022-30631, CVE-2022-30632, CVE-2022-32189, CVE-2022-28131, CVE-2022-30633, CV )

2024-07-19 20:36:54

freebsd

go -- multiple vulnerabilities

2022-07-12 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10

2022-07-29 00:00:00

Security fix for the ALT Linux 10 package golang version 1.18.4-alt1

2022-07-28 00:00:00

mageia

Updated golang packages fix security vulnerability

2022-07-16 22:58:20

suse

Security update for go1.17 (important)

2022-08-04 00:00:00

Security update for go1.18 (important)

2022-08-04 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0242

2022-09-07 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0242

2022-09-07 00:00:00

amazon

Important: golist

2022-09-15 04:46:00

Important: golang-github-godbus-dbus

2022-10-17 21:46:00

Important: golang-googlecode-sqlite

2022-10-17 21:46:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.8%

JSON

Related for OSV:CVE-2022-30635