CVE-2022-30634

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://go.dev/cl/402257 Patch
https://go.dev/issue/52561 Exploit Issue Tracking
https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 Mailing List Patch
https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ Mailing List Third Party Advisory
https://pkg.go.dev/vuln/GO-2022-0477 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
History

01 Mar 2023, 02:07

Type Values Removed Values Added
References (MISC) https://pkg.go.dev/vuln/GO-2022-0477 - (MISC) https://pkg.go.dev/vuln/GO-2022-0477 - Third Party Advisory

27 Dec 2022, 22:15

Type Values Removed Values Added
References
  • {'url': 'https://security.netapp.com/advisory/ntap-20220915-0004/', 'name': 'https://security.netapp.com/advisory/ntap-20220915-0004/', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • (MISC) https://pkg.go.dev/vuln/GO-2022-0477 -

28 Oct 2022, 18:16

Type Values Removed Values Added
First Time Netapp cloud Insights Telegraf Agent
Netapp
CPE cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0004/ - Third Party Advisory

15 Sep 2022, 18:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0004/ -

22 Jul 2022, 13:21

Type Values Removed Values Added
References (MISC) https://go.dev/cl/402257 - (MISC) https://go.dev/cl/402257 - Patch, Vendor Advisory
References (MISC) https://go.dev/issue/52561 - (MISC) https://go.dev/issue/52561 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 - (MISC) https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 - Mailing List, Patch, Vendor Advisory
References (MISC) https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ - (MISC) https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ - Mailing List, Third Party Advisory
First Time Microsoft
Golang
Microsoft windows
Golang go
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-835

15 Jul 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-07-15 20:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-30634

Mitre link : CVE-2022-30634

CVE.ORG link : CVE-2022-30634

JSON object : View

Products Affected

microsoft

  • windows

golang

  • go

netapp

  • cloud_insights_telegraf_agent
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')