A stack overflow flaw was found in Golang's regexp module. It can crash the runtime if an application using regexp accepts very long or arbitrarily long regexps with sufficient nesting depth from untrusted sources. To exploit this vulnerability, an attacker would need to send large, deeply nested regexps to the application. Triggering the flaw crashes the runtime, which causes a denial of service.
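A pre-compile guard for applications that have to accept regexps from untrusted sources, given here as an added example that is not part of the advisory or of the Go project's code. The limits and the helper names `CompileUntrusted` and `countOpenParens` are assumptions made for illustration, and the check complements the updated golang packages rather than replacing them.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumed limits for this example; size them to the application's needs.
const maxPatternLen, maxGroups = 1024, 32

// ErrPatternRejected marks a pattern refused before it reaches the parser.
var ErrPatternRejected = errors.New("untrusted regexp rejected")

// countOpenParens counts '(' bytes that no backslash escapes. Each group needs
// one, so this bounds nesting depth even if some sit inside [...] or \Q...\E.
func countOpenParens(pattern string) int {
	n := 0
	for i := 0; i < len(pattern); i++ {
		if pattern[i] == '\\' {
			i++ // skip the escaped byte
		} else if pattern[i] == '(' {
			n++
		}
	}
	return n
}

// CompileUntrusted (hypothetical helper) bounds length and nesting before
// calling regexp.Compile. The check has to come first: stack exhaustion is
// a fatal runtime error in Go and cannot be caught with recover().
func CompileUntrusted(pattern string) (*regexp.Regexp, error) {
	if len(pattern) > maxPatternLen {
		return nil, fmt.Errorf("%w: %d bytes, limit %d", ErrPatternRejected, len(pattern), maxPatternLen)
	}
	if g := countOpenParens(pattern); g > maxGroups {
		return nil, fmt.Errorf("%w: %d groups, limit %d", ErrPatternRejected, g, maxGroups)
	}
	return regexp.Compile(pattern)
}

func main() {
	// Constructed inputs: an ordinary pattern and one nested past the limit.
	nested := strings.Repeat("(", maxGroups+1) + "a" + strings.Repeat(")", maxGroups+1)
	for _, p := range []string{`^(\d{4})-(\d{2})$`, nested} {
		_, err := CompileUntrusted(p)
		fmt.Printf("len=%d err=%v\n", len(p), err)
	}
}
```

Counting every unescaped `(` is deliberately stricter than tracking true depth: it also rejects patterns with many sibling groups, but literal parentheses placed inside character classes cannot be used to hide real nesting from it.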
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | golang | 2022-09-15 03:57 | ALAS-2022-1635 |
Amazon Linux 2 - Core | golang | 2022-04-25 03:47 | ALAS2-2022-1776 |
Amazon Linux 2 - Core | golang | 2022-07-06 03:11 | ALAS2-2022-1811 |
Amazon Linux 2 - Core | golang | 2022-07-28 21:55 | ALAS2-2022-1830 |
Amazon Linux 2023 | golang | 2023-02-17 20:45 | ALAS2023-2023-048 |

Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |