1. Home
  2. Vulnerabilities
  3. CVE-2022-41715

CVE-2022-41715

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.22 % (60th)
0.22% Progress
Affected Products 1
Advisories 60
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
Go Project
Published Date
2022-10-14 15:16:20
(23 months ago)
Updated Date
2023-11-25 11:15:09
(9 months ago)

Affected Products

Golang

Configuration #1

    CPE23 From Up To
  Golang Go prior 1.18.7 version cpe:2.3:a:golang:go < 1.18.7
  Golang Go from 1.19.0 version and prior 1.19.2 version cpe:2.3:a:golang:go >= 1.19.0 < 1.19.2