Vulnerability Name: | CVE-2022-30634 (CCN-229860) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2022-06-01 | ||||||||||||||||||||||||||||||||||||
Published: | 2022-06-01 | ||||||||||||||||||||||||||||||||||||
Updated: | 2023-03-01 | ||||||||||||||||||||||||||||||||||||
Summary: | Golang Go is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request using large buffers, a remote attacker could exploit this vulnerability to cause rand.Read to hang,a and results in a denial of service condition. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-30634 Source: XF Type: UNKNOWN golang-cve202230634-dos(229860) Source: security@golang.org Type: Patch security@golang.org Source: CCN Type: Golang Web site go1.18.3 (released 2022-06-01) Source: security@golang.org Type: Exploit, Issue Tracking security@golang.org Source: security@golang.org Type: Mailing List, Patch security@golang.org Source: CCN Type: Golang Web page [security] Go 1.18.3 and Go 1.17.11 are released Source: security@golang.org Type: Mailing List, Third Party Advisory security@golang.org Source: security@golang.org Type: Third Party Advisory security@golang.org Source: CCN Type: IBM Security Bulletin 6619905 (Spectrum Copy Data Management) Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management Source: CCN Type: IBM Security Bulletin 6619915 (Spectrum Protect Plus) Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus Source: CCN Type: IBM Security Bulletin 6619963 (Spectrum Protect Plus) Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028) Source: CCN Type: IBM Security Bulletin 6620897 (Watson Discovery) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go Source: CCN Type: IBM Security Bulletin 6825557 (Event Streams) Multiple vulnerabilities in Golang Go affect IBM Event Streams | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |