SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2022-24675

Date: (C)2022-04-20 (M)2024-05-08

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 5.0
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: NONE
Scope: UNCHANGED		Integrity: NONE
Confidentiality: NONE		Availability: PARTIAL
Integrity: NONE
Availability: HIGH

Reference:

FEDORA-2022-30c5ed5625

FEDORA-2022-a49babed75

FEDORA-2022-ba365d3703

FEDORA-2022-c0f780ecf1

FEDORA-2022-e46e6e8317

FEDORA-2022-fae3ecee19

https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf

https://groups.google.com/g/golang-announce

https://groups.google.com/g/golang-announce/c/oecdBNLOml8

https://security.netapp.com/advisory/ntap-20220915-0010/

cpe:/a:golang:go

OVAL 745

oval:org.secpod.oval:def:3300924
oval:org.secpod.oval:def:1700993
oval:org.secpod.oval:def:2107750
oval:org.secpod.oval:def:122204
...

© SecPod Technologies