Your submission was sent successfully! Close

CVE-2022-30634

Published: 15 July 2022

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
golang-1.11
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.15
Launchpad, Ubuntu, Debian
impish Ignored
(reached end-of-life)
upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.17
Launchpad, Ubuntu, Debian
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Does not exist

upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.18
Launchpad, Ubuntu, Debian
jammy Needs triage

kinetic Does not exist

upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.7
Launchpad, Ubuntu, Debian
upstream Not vulnerable
(debian: Only affects Go on Windows)
golang-1.8
Launchpad, Ubuntu, Debian
bionic Needs triage

upstream Not vulnerable
(debian: Only affects Go on Windows)