CVE-2022-30631

Summary

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

Affected Software

VendorProductVersion RangeStatus
Go standard librarycompress/gzip0 < 1.17.12affected
Go standard librarycompress/gzip1.18.0-0 < 1.18.4affected

Weaknesses

  • CWE-674: Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References