CVE-2022-30634

Aliases:GO-2022-0477BIT-golang-2022-30634

Advisory lineage Upstream: 0 Downstream: 6

Downstream

OPENSUSE-SU-2024:12123-1 OPENSUSE-SU-2024:12124-1 SUSE-SU-2022:2004-1 SUSE-SU-2022:2005-1 SUSE-SU-2023:2312-1 UBUNTU-CVE-2022-30634

Modified

Published: 15 Jul 2022, 19:36

Last modified:03 Aug 2024, 06:56

Vulnerability Summary

Overall Risk (default)

medium

40/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.08% LOW

0% probability +0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

15 Jul 2022, 19:36

Published

Vulnerability first disclosed

03 Aug 2024, 06:56

Last Modified

Vulnerability information updated

Description

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.08%• Percentile: 23%

Techniques & Countermeasures

CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

go standard library•crypto/rand
< 1.17.11 | ≥ 1.18.0-0, < 1.18.3
golang•go
< 1.17.11 | ≥ 1.18.0, < 1.18.3
Go•stdlib
≥ 1.18.0-0, < 1.18.3
netapp•cloud_insights_telegraf_agent
na