CVE-2022-30632

Published: Aug 9, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

Vendor	Product	Versions
Go standard library	path/filepath	affected `0 - < 1.17.12` affected `1.18.0-0 - < 1.18.4`

References

https://go.dev/cl/417066

https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef

https://go.dev/issue/53416

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

https://pkg.go.dev/vuln/GO-2022-0522

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-30632

Description

Affected Products

References