[GO-2022-0515] Stack exhaustion due to deeply nested types in go/parser

Severity Medium

Affected Packages 2

Fixed Packages 2

CVEs 1

Calling any of the Parse functions on Go source code which contains deeply
nested types or declarations can cause a panic due to stack exhaustion.

Package	Affected Version
pkg:golang/go/parser	>= 1.18.3, < 1.17.12
pkg:golang/go/parser	>= 1.18.3, < 1.18.4

Package	Fixed Version
pkg:golang/go/parser	= 1.17.12
pkg:golang/go/parser	= 1.18.4

ID

GO-2022-0515

Severity

medium

Severity from

CVE-2022-1962

URL

https://pkg.go.dev/vuln/GO-2022-0515

Published

2022-08-12T17:19:52
(2 years ago)

Modified

2024-07-17T19:54:18
(2 months ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version
Fixed	pkg:golang/go/parser	go	parser	= 1.17.12
Affected	pkg:golang/go/parser	go	parser	>= 1.18.3 < 1.17.12
Fixed	pkg:golang/go/parser	go	parser	= 1.18.4
Affected	pkg:golang/go/parser	go	parser	>= 1.18.3 < 1.18.4

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date