1. Home
  2. Vulnerabilities
  3. CVE-2022-24921

CVE-2022-24921

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.37 % (73th)
0.37% Progress
Affected Products 3
Advisories 17
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

Weaknesses
CWE-400
Uncontrolled Resource Consumption
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-03-05 20:15:08
(2 years ago)
Updated Date
2023-04-20 00:15:07
(17 months ago)

Affected Products

Debian

Golang

Netapp

Configuration #1

    CPE23 From Up To
  Golang Go prior 1.16.15 version cpe:2.3:a:golang:go < 1.16.15
  Golang Go from 1.17 version and prior 1.17.8 version cpe:2.3:a:golang:go >= 1.17 < 1.17.8

Configuration #2

    CPE23 From Up To
  Netapp Astra Trident cpe:2.3:a:netapp:astra_trident:-

Configuration #3

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0