CVE-2022-1962

Summary

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

Affected Software

VendorProductVersion RangeStatus
Go standard librarygo/parser0 < 1.17.12affected
Go standard librarygo/parser1.18.0-0 < 1.18.4affected

Weaknesses

  • CWE-674: Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References