VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6vwn-qdd6-aaab

Essentials
Severities (44)
References (42)
Severity details (4)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-6vwn-qdd6-aaab
Aliases	CVE-2022-1962
Summary	Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-674	Uncontrolled Recursion
CWE-1325	Improperly Controlled Sequential Memory Allocation

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5775
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5799
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5866
rhas	Important	https://access.redhat.com/errata/RHSA-2022:6040
rhas	Important	https://access.redhat.com/errata/RHSA-2022:6042
rhas	Important	https://access.redhat.com/errata/RHSA-2022:6113
rhas	Important	https://access.redhat.com/errata/RHSA-2022:6188
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
epss	4e-05	https://api.first.org/data/v1/epss?cve=CVE-2022-1962
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2107376
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2022-1962
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2022-1962

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-1962
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://go.dev/cl/417063
		https://go.dev/issue/53616
		https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879
		https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
		https://pkg.go.dev/vuln/GO-2022-0515
2107376		https://bugzilla.redhat.com/show_bug.cgi?id=2107376
cpe:2.3:a:golang:go::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go::::::::
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2022-1962		https://nvd.nist.gov/vuln/detail/CVE-2022-1962
RHSA-2022:5775		https://access.redhat.com/errata/RHSA-2022:5775
RHSA-2022:5799		https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5866		https://access.redhat.com/errata/RHSA-2022:5866
RHSA-2022:6040		https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042		https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6113		https://access.redhat.com/errata/RHSA-2022:6113
RHSA-2022:6152		https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6188		https://access.redhat.com/errata/RHSA-2022:6188
RHSA-2022:6283		https://access.redhat.com/errata/RHSA-2022:6283
RHSA-2022:6345		https://access.redhat.com/errata/RHSA-2022:6345
RHSA-2022:6346		https://access.redhat.com/errata/RHSA-2022:6346
RHSA-2022:6347		https://access.redhat.com/errata/RHSA-2022:6347
RHSA-2022:6348		https://access.redhat.com/errata/RHSA-2022:6348
RHSA-2022:6370		https://access.redhat.com/errata/RHSA-2022:6370
RHSA-2022:6430		https://access.redhat.com/errata/RHSA-2022:6430
RHSA-2022:7519		https://access.redhat.com/errata/RHSA-2022:7519
RHSA-2022:7529		https://access.redhat.com/errata/RHSA-2022:7529
RHSA-2022:8057		https://access.redhat.com/errata/RHSA-2022:8057
RHSA-2022:9047		https://access.redhat.com/errata/RHSA-2022:9047
RHSA-2023:0407		https://access.redhat.com/errata/RHSA-2023:0407
RHSA-2023:0408		https://access.redhat.com/errata/RHSA-2023:0408
RHSA-2023:1042		https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:2758		https://access.redhat.com/errata/RHSA-2023:2758
RHSA-2023:2802		https://access.redhat.com/errata/RHSA-2023:2802
RHSA-2024:0778		https://access.redhat.com/errata/RHSA-2024:0778
RHSA-2024:1027		https://access.redhat.com/errata/RHSA-2024:1027
RHSA-2024:1433		https://access.redhat.com/errata/RHSA-2024:1433
USN-6038-1		https://usn.ubuntu.com/6038-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1962

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1962

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.33708
EPSS Score	0.00076
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.