CVE-2023-0475

Published: 16/02/2023 Updated: 27/02/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

Vulnerable Product

hashicorp go-getter

hashicorp go-getter 2.1.1

Vendor Advisories

Synopsis: Moderate: OpenShift Security Profiles Operator bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An updated Security Profiles Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog. Description: The OpenShift Security Profiles Operator v070 is now available. See the docu ...
Debian Bug report logs - #1032100 golang-github-hashicorp-go-getter: CVE-2023-0475 Package: src:golang-github-hashicorp-go-getter; Maintainer for src:golang-github-hashicorp-go-getter is Debian Go Packaging Team <pkg-go-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 2 ...
Description: A flaw was found in the HashiCorp go-getter package. Affected versions of the HashiCorp go-getter package are vulnerable to a denial of service via a malicious compressed archive.