Search for vulnerabilities
Vulnerability details: VCID-uwz1-rspm-aaaj
Vulnerability ID VCID-uwz1-rspm-aaaj
Aliases CVE-2022-24675
Summary encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-674 Uncontrolled Recursion
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:5006
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5068
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5337
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5415
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5729
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5730
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5840
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6094
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6155
rhas Important https://access.redhat.com/errata/RHSA-2022:6156
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24675.json
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00435 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.01223 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.01304 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.01304 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.01304 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
epss 0.01568 https://api.first.org/data/v1/epss?cve=CVE-2022-24675
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2077688
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://groups.google.com/g/golang-announce
generic_textual MODERATE https://groups.google.com/g/golang-announce
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-24675
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24675
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24675
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-02
generic_textual MODERATE https://security.gentoo.org/glsa/202208-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24675.json
https://api.first.org/data/v1/epss?cve=CVE-2022-24675
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/oecdBNLOml8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://security.gentoo.org/glsa/202208-02
https://security.netapp.com/advisory/ntap-20220915-0010/
2077688 https://bugzilla.redhat.com/show_bug.cgi?id=2077688
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-24675 https://nvd.nist.gov/vuln/detail/CVE-2022-24675
RHSA-2022:5006 https://access.redhat.com/errata/RHSA-2022:5006
RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:5337 https://access.redhat.com/errata/RHSA-2022:5337
RHSA-2022:5415 https://access.redhat.com/errata/RHSA-2022:5415
RHSA-2022:5729 https://access.redhat.com/errata/RHSA-2022:5729
RHSA-2022:5730 https://access.redhat.com/errata/RHSA-2022:5730
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5840 https://access.redhat.com/errata/RHSA-2022:5840
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6094 https://access.redhat.com/errata/RHSA-2022:6094
RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6155 https://access.redhat.com/errata/RHSA-2022:6155
RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156
RHSA-2022:6277 https://access.redhat.com/errata/RHSA-2022:6277
RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290
RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430
RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714
RHSA-2022:7058 https://access.redhat.com/errata/RHSA-2022:7058
RHSA-2022:8750 https://access.redhat.com/errata/RHSA-2022:8750
RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24675.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/g/golang-announce
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24675
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24675
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24675
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.28783
EPSS Score 0.00098
Published At May 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.