| Vulnerability Name: | CVE-2022-24921 (CCN-221503) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2022-03-03 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2022-03-03 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2023-04-20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially-crafted deeply nested expression, a remote attacker could exploit this vulnerability to cause a goroutine stack exhaustion, and results in a denial of service condition. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-24921 Source: cve@mitre.org Type: UNKNOWN cve@mitre.org Source: XF Type: UNKNOWN golang-cve202224921-dos(221503) Source: CCN Type: Go GIT Repository regexp: stack overflow (process exit) handling deeply nested regexp #51112 Source: CCN Type: Google Groups Web site Go 1.17.8 and Go 1.16.15 are released Source: cve@mitre.org Type: Issue Tracking, Mailing List, Release Notes, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: UNKNOWN cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: CCN Type: IBM Security Bulletin 6570629 (Cloud Pak for Integration) Operations Dashboard is vulnerable to Go CVE-2022-24921 Source: CCN Type: IBM Security Bulletin 6570679 (Security Guardium Insights) IBM Security Guardium Insights is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6576217 (Spectrum Protect Plus Container Backup and Restore for Kubernetes) Denial of Service Vulnerability in Golang Go affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-24921) Source: CCN Type: IBM Security Bulletin 6585720 (Platform Navigator in Cloud Pak for Integration) Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to stack exhaustion by Go CVE-2022-24921 Source: CCN Type: IBM Security Bulletin 6602587 (Event Streams) Vulnerabilities in the Golang language affect IBM Event Streams (CVE-2022-24921) Source: CCN Type: IBM Security Bulletin 6606927 (Cloud Automation Manager) A security vulnerability in GO affects IBM Cloud Automation Manager Source: CCN Type: IBM Security Bulletin 6610297 (Watson Speech Services Cartridge for Cloud Pak for Data) IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-24921). Source: CCN Type: IBM Security Bulletin 6611147 (MQ Operator) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty Source: CCN Type: IBM Security Bulletin 6612805 (Cloud Pak System Software) Multiple vulnerabilities in Golang Go affect Cloud Pak System Source: CCN Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Source: CCN Type: IBM Security Bulletin 6620897 (Watson Discovery) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go Source: CCN Type: IBM Security Bulletin 6621977 (Cloud Pak for Multicloud Management) A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Services Source: CCN Type: IBM Security Bulletin 6831799 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6831813 (Netcool Operations Insight) Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities. Source: CCN Type: IBM Security Bulletin 6837269 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-24921 Source: CCN Type: IBM Security Bulletin 6891117 (Cloud Pak for Multicloud Management Monitoring) IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go (CVE-2022-24921, CVE-2022-28327, CVE-2022-24675) Source: CCN Type: IBM Security Bulletin 6956311 (Cloud Pak for Multicloud Management) Multiple Vulnerabilities in Multicloud Management Security Services | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||