Mageia 8 MGASA-2022-0171 Critical: Golang Stack Overflow

mageia

May 12, 2022

encoding/pem: fix stack overflow in Decode

Summary

encoding/pem: fix stack overflow in Decode. A large (more than 5 MB) PEM input can cause a stack overflow in Decode, leading the program to crash (CVE-2022-24675)
crypto/elliptic: tolerate all oversized scalars in generic P-256. A crafted scalar input longer than 32 bytes can cause P256().ScalarMult or P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected. (CVE-2022-28327)

References

- https://bugs.mageia.org/show_bug.cgi?id=30362

- https://www.cve.org/CVERecord?id=CVE-2022-24675

- https://www.cve.org/CVERecord?id=CVE-2022-28327

Topics Covered

security advisory critical security fix stack overflow golang mageia pem issue

Resolution

SRPMS

- 8/core/golang-1.17.9-1.mga8

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 12 May 2022

URL: https://advisories.mageia.org/MGASA-2022-0171.html

Type: security

CVE: CVE-2022-24675, CVE-2022-28327

Topics Covered

security advisory critical security fix stack overflow golang mageia pem issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 8 MGASA-2022-0171 Critical: Golang Stack Overflow

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 8 MGASA-2022-0171 Critical: Golang Stack Overflow

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!