Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

CPENameOperatorVersion
goge1.19.0
golt1.19.2
golt1.18.7

Name	Operator	Version
go	ge	1.19.0
go	lt	1.19.2
go	lt	1.18.7

References

go.dev/cl/439355

go.dev/issue/54853

groups.google.com/g/golang-announce/c/xtuG5faxtaU

pkg.go.dev/vuln/GO-2022-1037

security.gentoo.org/glsa/202311-09

veracode 1

cbl_mariner 4

debiancve 1

cve 1

redhatcve 1

osv 12

alpinelinux 1

ubuntucve 1

ibm 22

cnvd 1

nvd 1

cvelist 1

nessus 59

openvas 15

amazon 2

fedora 2

almalinux 5

rocky 2

photon 7

freebsd 1

oraclelinux 8

suse 2

altlinux 1

redhat 32

mageia 1

ubuntu 2

gentoo 1

oracle 1

veracode

Denial Of Service (DoS)

2022-10-14 11:54:03

cbl_mariner

CVE-2022-2879 affecting package ig for versions less than 0.29.0-1

2024-06-21 09:32:44

CVE-2022-2879 affecting package golang for versions less than 1.19.10-1

2024-02-25 03:00:06

CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1

2024-06-21 09:32:44

debiancve

CVE-2022-2879

2022-10-14 15:15:17

cve

CVE-2022-2879

2022-10-14 15:15:17

redhatcve

CVE-2022-2879

2023-02-09 21:20:08

osv

CVE-2022-2879

2022-10-14 15:15:17

Unbounded memory consumption when reading headers in archive/tar

2022-10-06 16:26:05

BIT-golang-2022-2879

2024-03-06 11:01:17

alpinelinux

CVE-2022-2879

2022-10-14 15:15:17

ubuntucve

CVE-2022-2879

2022-10-14 00:00:00

ibm

Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.

2023-07-19 00:00:16

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-2879]

2023-01-26 15:21:28

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-2879)

2023-02-01 16:01:37

cnvd

Google Golang Denial of Service Vulnerability

2022-10-11 00:00:00

nvd

CVE-2022-2879

2022-10-14 15:15:17

cvelist

CVE-2022-2879 Unbounded memory consumption when reading headers in archive/tar

2022-10-14 00:00:00

nessus

Fedora 36 : golang (2022-0e313cc582)

2022-12-23 00:00:00

Amazon Linux 2 : golist (ALAS-2023-1913)

2023-01-23 00:00:00

Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-0328)

2023-01-24 00:00:00

openvas

Fedora: Security Advisory for golang (FEDORA-2022-0e313cc582)

2022-10-15 00:00:00

Fedora: Security Advisory for golang (FEDORA-2022-59a20edab2)

2022-10-18 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3669-1)

2022-10-20 00:00:00

amazon

Important: golist

2023-01-18 00:17:00

Important: golang

2022-12-01 20:31:00

fedora

[SECURITY] Fedora 36 Update: golang-1.18.7-1.fc36

2022-10-14 13:01:37

[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37

2022-10-17 22:55:43

almalinux

Moderate: go-toolset and golang security and bug fix update

2023-01-23 00:00:00

Moderate: go-toolset:rhel8 security and bug fix update

2023-01-25 00:00:00

Moderate: Image Builder security, bug fix, and enhancement update

2023-05-16 00:00:00

rocky

go-toolset and golang security and bug fix update

2023-01-23 14:30:17

go-toolset:rhel8 security and bug fix update

2023-01-25 08:59:15

photon

Important Photon OS Security Update - PHSA-2022-0273

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0273

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0478

2022-10-27 00:00:00

freebsd

go -- multiple vulnerabilities

2022-10-04 00:00:00

oraclelinux

go-toolset and golang security and bug fix update

2023-01-24 00:00:00

go-toolset:ol8 security and bug fix update

2023-01-26 00:00:00

Image Builder security, bug fix, and enhancement update

2023-05-15 00:00:00

suse

Security update for go1.18 (important)

2022-10-20 00:00:00

Security update for go1.19 (important)

2022-10-20 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.18.7-alt1

2022-10-18 00:00:00

redhat

(RHSA-2023:0445) Moderate: go-toolset-1.18 security update

2023-01-25 08:25:10

(RHSA-2023:0708) Moderate: Release of OpenShift Serverless Client kn 1.27.0

2023-02-09 09:22:38

(RHSA-2023:2780) Moderate: Image Builder security, bug fix, and enhancement update

2023-05-16 05:54:33

mageia

Updated golang packages fix security vulnerability

2022-10-19 02:14:56

ubuntu

Go vulnerabilities

2024-01-09 00:00:00

Go vulnerabilities

2023-04-25 00:00:00

gentoo

Go: Multiple Vulnerabilities

2023-11-25 00:00:00

oracle

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for PRION:CVE-2022-2879