CVE-2022-30630

Summary

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Affected Software

VendorProductVersion RangeStatus
Go standard libraryio/fs0 < 1.17.12affected
Go standard libraryio/fs1.18.0-0 < 1.18.4affected

Weaknesses

  • CWE-674: Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References