Vulnerability details: VCID-hhgb-4kt7-aaap
Vulnerability ID VCID-hhgb-4kt7-aaap
Aliases CVE-2022-2879
Summary Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2879.json
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2022-2879
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2022-2879
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-2879
epss 0.00215 https://api.first.org/data/v1/epss?cve=CVE-2022-2879
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2879
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2879
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2879.json
https://api.first.org/data/v1/epss?cve=CVE-2022-2879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/439355
https://go.dev/issue/54853
https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THKJHFMX4DAZXJ5MFPN3BNHZDN7BW5RI/
https://pkg.go.dev/vuln/GO-2022-1037
2132867 https://bugzilla.redhat.com/show_bug.cgi?id=2132867
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-2879 https://nvd.nist.gov/vuln/detail/CVE-2022-2879
GLSA-202311-09 https://security.gentoo.org/glsa/202311-09
RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399
RHSA-2022:8535 https://access.redhat.com/errata/RHSA-2022:8535
RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781
RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264
RHSA-2023:0328 https://access.redhat.com/errata/RHSA-2023:0328
RHSA-2023:0445 https://access.redhat.com/errata/RHSA-2023:0445
RHSA-2023:0446 https://access.redhat.com/errata/RHSA-2023:0446
RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542
RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693
RHSA-2023:0708 https://access.redhat.com/errata/RHSA-2023:0708
RHSA-2023:0709 https://access.redhat.com/errata/RHSA-2023:0709
RHSA-2023:0727 https://access.redhat.com/errata/RHSA-2023:0727
RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:1079 https://access.redhat.com/errata/RHSA-2023:1079
RHSA-2023:1174 https://access.redhat.com/errata/RHSA-2023:1174
RHSA-2023:2204 https://access.redhat.com/errata/RHSA-2023:2204
RHSA-2023:2780 https://access.redhat.com/errata/RHSA-2023:2780
RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205
RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613
RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
RHSA-2024:2988 https://access.redhat.com/errata/RHSA-2024:2988
USN-6038-1 https://usn.ubuntu.com/6038-1/
USN-6038-2 https://usn.ubuntu.com/6038-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2879.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2879
Exploit Prediction Scoring System (EPSS)
Percentile 0.01405
EPSS Score 0.00015
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.