Vulnerability details: VCID-q8fq-1yrc-aaag
Vulnerability ID: VCID-q8fq-1yrc-aaag
Aliases: CVE-2022-24921
Summary: regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
Status: Published
Exploitability: 0.5
Weighted Severity: 8.0
Risk: 4.0
Weaknesses (2)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5068
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5337
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5415
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5729
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5730
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Important https://access.redhat.com/errata/RHSA-2022:6156
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24921.json
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2022-24921
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2022-24921
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2022-24921
epss 0.00625 https://api.first.org/data/v1/epss?cve=CVE-2022-24921
epss 0.00997 https://api.first.org/data/v1/epss?cve=CVE-2022-24921
epss 0.01408 https://api.first.org/data/v1/epss?cve=CVE-2022-24921
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2064857
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-24921
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24921
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24921
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-02
generic_textual MODERATE https://security.gentoo.org/glsa/202208-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24921.json
https://api.first.org/data/v1/epss?cve=CVE-2022-24921
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html
https://security.gentoo.org/glsa/202208-02
https://security.netapp.com/advisory/ntap-20220325-0010/
2064857 https://bugzilla.redhat.com/show_bug.cgi?id=2064857
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2022-24921 https://nvd.nist.gov/vuln/detail/CVE-2022-24921
ISTIO-SECURITY-2022-004 https://istio.io/latest/news/security/ISTIO-SECURITY-2022-004/
RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:5337 https://access.redhat.com/errata/RHSA-2022:5337
RHSA-2022:5415 https://access.redhat.com/errata/RHSA-2022:5415
RHSA-2022:5729 https://access.redhat.com/errata/RHSA-2022:5729
RHSA-2022:5730 https://access.redhat.com/errata/RHSA-2022:5730
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156
RHSA-2022:6277 https://access.redhat.com/errata/RHSA-2022:6277
RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714
RHSA-2022:8750 https://access.redhat.com/errata/RHSA-2022:8750
RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24921.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24921
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24921
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02
Exploit Prediction Scoring System (EPSS)
Percentile 0.01099
EPSS Score 0.00014
Published At April 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.