<p>Upgrade <code>Centos:8</code> <code>golang-race</code> to version 0:1.17.10-1.module+el8.6.0+15486+6d4da7db or higher.</p>

Buffer Overflow Affecting golang-race package, versions <0:1.17.10-1.module+el8.6.0+15486+6d4da7db

Threat Intelligence

0.44% (76^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-CENTOS8-GOLANGRACE-2774186
published 22 Apr 2022
disclosed 12 Apr 2022

Report a new vulnerability Found a mistake?

Introduced: 12 Apr 2022

CVE-2022-24675 Open this link in a new tab CWE-120 Open this link in a new tab

How to fix?

Upgrade Centos:8 golang-race to version 0:1.17.10-1.module+el8.6.0+15486+6d4da7db or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream golang-race package and not the golang-race package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

High

Buffer Overflow Affecting golang-race package, versions <0:1.17.10-1.module+el8.6.0+15486+6d4da7db

Severity

Based on CentOS security rating