Vulnerability details: VCID-3jz7-muy2-aaam
Vulnerability ID VCID-3jz7-muy2-aaam
Aliases CVE-2022-30631
Summary Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:5775
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Important https://access.redhat.com/errata/RHSA-2022:5866
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5875
rhas Important https://access.redhat.com/errata/RHSA-2022:5879
rhas Important https://access.redhat.com/errata/RHSA-2022:5923
rhas Important https://access.redhat.com/errata/RHSA-2022:5924
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Important https://access.redhat.com/errata/RHSA-2022:6051
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6053
rhas Important https://access.redhat.com/errata/RHSA-2022:6061
rhas Important https://access.redhat.com/errata/RHSA-2022:6062
rhas Important https://access.redhat.com/errata/RHSA-2022:6065
rhas Important https://access.redhat.com/errata/RHSA-2022:6066
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6103
rhas Important https://access.redhat.com/errata/RHSA-2022:6113
rhas Important https://access.redhat.com/errata/RHSA-2022:6184
rhas Important https://access.redhat.com/errata/RHSA-2022:6187
rhas Important https://access.redhat.com/errata/RHSA-2022:6188
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-30631
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2022-30631
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2022-30631
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2022-30631
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-30631
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2022-30631
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2107342
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30631
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30631
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json
https://api.first.org/data/v1/epss?cve=CVE-2022-30631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/417067
https://go.dev/issue/53168
https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://pkg.go.dev/vuln/GO-2022-0524
2107342 https://bugzilla.redhat.com/show_bug.cgi?id=2107342
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2022-30631 https://nvd.nist.gov/vuln/detail/CVE-2022-30631
RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866
RHSA-2022:5875 https://access.redhat.com/errata/RHSA-2022:5875
RHSA-2022:5879 https://access.redhat.com/errata/RHSA-2022:5879
RHSA-2022:5923 https://access.redhat.com/errata/RHSA-2022:5923
RHSA-2022:5924 https://access.redhat.com/errata/RHSA-2022:5924
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6051 https://access.redhat.com/errata/RHSA-2022:6051
RHSA-2022:6053 https://access.redhat.com/errata/RHSA-2022:6053
RHSA-2022:6061 https://access.redhat.com/errata/RHSA-2022:6061
RHSA-2022:6062 https://access.redhat.com/errata/RHSA-2022:6062
RHSA-2022:6065 https://access.redhat.com/errata/RHSA-2022:6065
RHSA-2022:6066 https://access.redhat.com/errata/RHSA-2022:6066
RHSA-2022:6103 https://access.redhat.com/errata/RHSA-2022:6103
RHSA-2022:6113 https://access.redhat.com/errata/RHSA-2022:6113
RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6182 https://access.redhat.com/errata/RHSA-2022:6182
RHSA-2022:6183 https://access.redhat.com/errata/RHSA-2022:6183
RHSA-2022:6184 https://access.redhat.com/errata/RHSA-2022:6184
RHSA-2022:6187 https://access.redhat.com/errata/RHSA-2022:6187
RHSA-2022:6188 https://access.redhat.com/errata/RHSA-2022:6188
RHSA-2022:6262 https://access.redhat.com/errata/RHSA-2022:6262
RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290
RHSA-2022:6308 https://access.redhat.com/errata/RHSA-2022:6308
RHSA-2022:6344 https://access.redhat.com/errata/RHSA-2022:6344
RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345
RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346
RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348
RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370
RHSA-2022:6429 https://access.redhat.com/errata/RHSA-2022:6429
RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430
RHSA-2022:6517 https://access.redhat.com/errata/RHSA-2022:6517
RHSA-2022:6560 https://access.redhat.com/errata/RHSA-2022:6560
RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714
RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
RHSA-2022:7529 https://access.redhat.com/errata/RHSA-2022:7529
RHSA-2022:7648 https://access.redhat.com/errata/RHSA-2022:7648
RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057
RHSA-2022:8098 https://access.redhat.com/errata/RHSA-2022:8098
RHSA-2022:8250 https://access.redhat.com/errata/RHSA-2022:8250
RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
RHSA-2023:0727 https://access.redhat.com/errata/RHSA-2023:0727
RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758
RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2024:2180 https://access.redhat.com/errata/RHSA-2024:2180
USN-6038-1 https://usn.ubuntu.com/6038-1/
USN-6038-2 https://usn.ubuntu.com/6038-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-30631
Exploit Prediction Scoring System (EPSS)
Percentile 0.05799
EPSS Score 0.00032
Published At March 28, 2025, 12:55 p.m.