CVE-2022-24921

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/03/2022
Last modified:
08/08/2023

Description

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 1.16.15 (excluding)
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 1.17 (including) 1.17.8 (excluding)
cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*