Vulnerability Report: GO-2022-0433
standard library- CVE-2022-24675
- Affects: encoding/pem
- Published: May 20, 2022
- Modified: May 20, 2024
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.17.9, from go1.18.0-0 before go1.18.1
Aliases
References
- https://go.dev/cl/399820
- https://go.googlesource.com/go/+/45c3387d777caf28f4b992ad9a6216e3085bb8fe
- https://go.dev/issue/51853
- https://groups.google.com/g/golang-announce/c/oecdBNLOml8
- https://vuln.go.dev/ID/GO-2022-0433.json
Credits
- Juho Nurminen of Mattermost
Feedback
See anything missing or incorrect?
Suggest an edit to this report.