Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-30629

Published: 10/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 3.1 | Impact Score: 1.4 | Exploitability Score: 1.6
VMScore: 0
Subscribe to Golang

Vulnerability Summary

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. (CVE-2022-1705) A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an malicious user to impact system availability. (CVE-2022-1962) Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. (CVE-2022-1996) A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an malicious user to use a large PEM input (more than 5 MB) ), causing a stack overflow in Decode, which leads to a loss of availability. (CVE-2022-24675) A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentification with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an malicious user to crash the server, resulting in a loss of availability. (CVE-2022-27191) A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an malicious user to impact system availability. (CVE-2022-28131) An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an malicious user to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability. (CVE-2022-28327) A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an malicious user to check the process group permissions rather than a member of the file's group, affecting system availability. (CVE-2022-29526) Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629) A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an malicious user to impact availability. (CVE-2022-30630) A flaw was found in golang. Calling the Reader.Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion. (CVE-2022-30631) A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an malicious user to impact availability. (CVE-2022-30632) Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an malicious user to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the any field tag. (CVE-2022-30633) A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an malicious user to impact system availability. (CVE-2022-30635) Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

golang go

Vendor Advisories

Amazon Linux AMI: ALAS-2022-1635
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Red Hat: Important: Red Hat Advanced Cluster Management 2.7.0 security and bug fix updates
概要 Important: Red Hat Advanced Cluster Management 270 security and bug fix updates タイプ/重大度 Security Advisory: Important トピック Red Hat Advanced Cluster Management for Kubernetes 270 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having ...
Red Hat: Important: Red Hat OpenStack Platform (etcd) security update
Synopsis Important: Red Hat OpenStack Platform (etcd) security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for etcd is now available for Red Hat OpenStack PlatformRed Hat Product Security has rated t ...
Red Hat: Moderate: container-tools:rhel8 security, bug fix, and enhancement update
Synopsis Moderate: container-tools:rhel8 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linu ...
Red Hat: Moderate: podman security and bug fix update
Synopsis Moderate: podman security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for podman is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as h ...
Red Hat: Low: OpenShift Container Platform 4.11.5 packages and security update
Synopsis Low: OpenShift Container Platform 4115 packages and security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4115 is now available withupdates to packages and ima ...
Red Hat: Low: OpenShift Container Platform 4.11.1 packages and security update
Synopsis Low: OpenShift Container Platform 4111 packages and security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4111 is now available withupdates to packages and ima ...
Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 4111 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4111 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...
Red Hat: Important: Red Hat OpenShift Enterprise security update
Synopsis Important: Red Hat OpenShift Enterprise security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41144 is now available with updates to packages and images th ...
Red Hat: Moderate: Red Hat OpenShift support for Windows Containers 6.0.1[security update]
Synopsis Moderate: Red Hat OpenShift support for Windows Containers 601[security update] Type/Severity Security Advisory: Moderate Topic The components for Red Hat OpenShift support for Windows Containers 601 are now available This product release includes bug fixes and security update for the following packages: windows-machine-config-o ...
Red Hat: Important: Release of OpenShift Serverless Client kn 1.24.0
Synopsis Important: Release of OpenShift Serverless Client kn 1240 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Release of OpenShift Serverless Client kn 1240Red Hat Product Security has rated this update as having ...
Red Hat: Moderate: Gatekeeper Operator v0.2 security and container updates
Synopsis Moderate: Gatekeeper Operator v02 security and container updates Type/Severity Security Advisory: Moderate Topic Gatekeeper Operator v02 security updatesRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity ratin ...
Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes
Synopsis Moderate: Multicluster Engine for Kubernetes 21 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine v21Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, ...
Red Hat: Moderate: VolSync 0.5 security fixes and updates
Synopsis Moderate: VolSync 05 security fixes and updates Type/Severity Security Advisory: Moderate Topic VolSync v05Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the ...
Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update
Synopsis Moderate: RHSA: Submariner 013 - security and enhancement update Type/Severity Security Advisory: Moderate Topic Submariner 013 packages that fix security issues and bugs, as well as adds various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 26Red Hat Product Security has rated ...
Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update
Synopsis Moderate: OpenShift API for Data Protection (OADP) 104 security and bug fix update Type/Severity Security Advisory: Moderate Topic OpenShift API for Data Protection (OADP) 104 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.1.5 security update
Synopsis Moderate: Red Hat OpenShift Service Mesh 215 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Service Mesh 215Red Hat Product Security has rated this update as having a securit ...
Red Hat: Moderate: OpenShift Virtualization 4.12.0 RPMs security update
Synopsis Moderate: OpenShift Virtualization 4120 RPMs security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated release packages that fix several bugs and add various enhancements are now availableRed Hat ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 260 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 260 GeneralAvailability release images, which fix security issues and bugsRed Hat Product Security has rated this update as having a security impactof ...
Red Hat: Important: Red Hat Ceph Storage 6.1 Container security and bug fix update
Synopsis Important: Red Hat Ceph Storage 61 Container security and bug fix update Type/Severity Security Advisory: Important Topic A new container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem CatalogRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Red Hat: Important: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update
Synopsis Important: Secondary Scheduler Operator for Red Hat OpenShift 110 security update Type/Severity Security Advisory: Important Topic Secondary Scheduler Operator for Red Hat OpenShift 110Red Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update
Synopsis Moderate: OpenShift API for Data Protection (OADP) 110 security and bug fix update Type/Severity Security Advisory: Moderate Topic OpenShift API for Data Protection (OADP) 110 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base s ...
Red Hat: Important: Release of OpenShift Serverless 1.24.0
Synopsis Important: Release of OpenShift Serverless 1240 Type/Severity Security Advisory: Important Topic Release of OpenShift Serverless 1240The References section contains CVE links providing detailed severity ratingsfor each vulnerability Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score Description Versio ...
Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update
Synopsis Important: Migration Toolkit for Containers (MTC) 174 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 174 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 176 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 176 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: OpenShift Container Platform 4.13.2 bug fix and security update
Synopsis Important: OpenShift Container Platform 4132 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update
Synopsis Important: OpenShift Virtualization 4120 Images security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 412 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes
Synopsis Critical: Red Hat Advanced Cluster Management 246 security update and bug fixes Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 246 GeneralAvailability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security i ...
Red Hat: Moderate: OpenShift Container Platform 4.11.5 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 4115 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4115 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...
Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update
Synopsis Moderate: OpenShift Virtualization 4111 security and bug fix update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Virtualization release 4111 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impac ...
Amazon Linux 2: ALAS2-2022-1847
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2DOCKER-2022-020
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1846
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1862
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1863
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1861
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1858
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1859
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1864
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1865
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2: ALAS2-2022-1860
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2022: ALAS2022-2022-192
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2022: ALAS2022-2022-140
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...
Amazon Linux 2022: ALAS2022-2022-133
A flaw was found in golang The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705) A flaw was found in the golang standard library, go/parser When callin ...

References

CWE-330https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJhttps://go.dev/issue/52814https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5https://go.dev/cl/405994https://pkg.go.dev/vuln/GO-2022-0531https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2022-1635.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook