CVE-2022-24921

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24921

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24921.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-24921

Aliases

Downstream

BELL-CVE-2022-24921

DEBIAN-CVE-2022-24921

DLA-2985-1

DLA-2986-1

DLA-3395-1

OESA-2022-1590

OESA-2025-1122

OESA-2025-1123

RHSA-2022:5068

RHSA-2022:5337

RHSA-2022:5415

RHSA-2022:5729

RHSA-2022:5799

RHSA-2022:6042

RHSA-2022:6277

RHSA-2023:0407

RLSA-2022:5337

RLSA-2022:5799

SUSE-SU-2022:1164-1

SUSE-SU-2022:1167-1

UBUNTU-CVE-2022-24921

openSUSE-SU-2024:11892-1

openSUSE-SU-2024:11893-1

Related

Published

2022-03-05T20:15:08.323Z

Modified

2026-02-02T21:33:36.169430Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Introduced

ec5170397c724a8ae440b2bc529f857c86f0e6b1

Fixed

7dd10d4ce20e64d96a10cb67794851a58d96a2aa

Fixed

7de0c90a1771146bcba5663fb257c52acffe6161

Affected versions

go1.*

go1.17

go1.17.1

go1.17.2

go1.17.3

go1.17.4

go1.17.5

go1.17.6

go1.17.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24921.json"