Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Mageia: 2022-0126 Moderate: Golang Stack Exhaustion in 64-bit Systems

mageia
Calendar Grey March 31, 2022
Dist Mageia Esm H88
Updates have been made to the Golang software packages for Mageia, addressing a stack overflow problem caused by deeply nested function calls, released on April 1, 2022.
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit

Summary

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. (CVE-2022-24921)

References

- https://bugs.mageia.org/show_bug.cgi?id=30217

- https://github.com/golang/go/issues/51112

- https://go.dev/doc/devel/release

- https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk

- https://www.cve.org/CVERecord?id=CVE-2022-24921

Resolution

SRPMS

- 8/core/golang-1.17.8-1.mga8

Publication date: 31 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0126.html
Type: security
CVE: CVE-2022-24921

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.