MGASA-2022-0126 - Updated golang packages fix security vulnerability Publication date: 31 Mar 2022 URL: https://advisories.mageia.org/MGASA-2022-0126.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-24921 On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. (CVE-2022-24921) References: - https://bugs.mageia.org/show_bug.cgi?id=30217 - https://go.dev/issue/51112 - https://go.dev/doc/devel/release.html#go1.17.minor - https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921 SRPMS: - 8/core/golang-1.17.8-1.mga8
Mageia 2022-0126: golang security update
On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit
Summary
On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.
(CVE-2022-24921)
References
- https://bugs.mageia.org/show_bug.cgi?id=30217
- https://go.dev/issue/51112
- https://go.dev/doc/devel/release.html#go1.17.minor
- https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921
Resolution
MGASA-2022-0126 - Updated golang packages fix security vulnerability
SRPMS
- 8/core/golang-1.17.8-1.mga8
Severity
Publication date: 31 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0126.html
Type: security
CVE: CVE-2022-24921
News
HOWTOs
Features
About Us
Powered By
