| Vulnerability Name: | CVE-2022-24675 (CCN-224866) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2022-04-12 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2022-04-12 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2022-10-05 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-770 CWE-120 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-24675 Source: XF Type: UNKNOWN golang-cve202224675-dos(224866) Source: CCN Type: Golang Web site Go Source: MISC Type: Mailing List, Vendor Advisory https://groups.google.com/g/golang-announce Source: CONFIRM Type: Mailing List, Release Notes, Vendor Advisory https://groups.google.com/g/golang-announce/c/oecdBNLOml8 Source: CCN Type: Google Groups Web site Go 1.18.1 and Go 1.17.9 are released Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-a49babed75 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-c0f780ecf1 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-e46e6e8317 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-30c5ed5625 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-ba365d3703 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-fae3ecee19 Source: GENTOO Type: Third Party Advisory GLSA-202208-02 Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220915-0010/ Source: CCN Type: IBM Security Bulletin 6594819 (Cloud Pak for Integration) Operations Dashboard is vulnerable to denial of service by Go vulnerability CVE-2022-24675 Source: CCN Type: IBM Security Bulletin 6596895 (Spectrum Protect Plus) Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-24842,CVE-2021-38561,CVE-2021-43565,CVE-2022-28327,CVE-2022-24675,CVE-2022-27536) Source: CCN Type: IBM Security Bulletin 6603007 (Event Streams) Vulnerabilities in the Golang language affect IBM Event Streams (CVE-2022-28327, CVE-2022-24675, CVE-2022-27536) Source: CCN Type: IBM Security Bulletin 6606929 (Cloud Automation Manager) A security vulnerability in GO affects IBM Cloud Automation Manager Source: CCN Type: IBM Security Bulletin 6610295 (Watson Speech Services Cartridge for Cloud Pak for Data) IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24675) Source: CCN Type: IBM Security Bulletin 6611147 (MQ Operator) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty Source: CCN Type: IBM Security Bulletin 6612805 (Cloud Pak System Software) Multiple vulnerabilities in Golang Go affect Cloud Pak System Source: CCN Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Source: CCN Type: IBM Security Bulletin 6619905 (Spectrum Copy Data Management) Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management Source: CCN Type: IBM Security Bulletin 6619915 (Spectrum Protect Plus) Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus Source: CCN Type: IBM Security Bulletin 6620897 (Watson Discovery) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go Source: CCN Type: IBM Security Bulletin 6621973 (Cloud Pak for Multicloud Management) A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Services Source: CCN Type: IBM Security Bulletin 6827815 (Cloud Pak for Integration) Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple Go vulnerabilities Source: CCN Type: IBM Security Bulletin 6831799 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6831813 (Netcool Operations Insight) Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities. Source: CCN Type: IBM Security Bulletin 6837267 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-24675 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||||||