Bug 2107342 (CVE-2022-30631)
| Summary: | CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Anten Skrabec <askrabec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abishop, acui, adam.kaplan, admiller, adudiak, agarcial, agerstmayr, akashem, akostadi, alcohan, alexander.bulimov, amackenz, amasferr, amctagga, amurdaca, andrew.jeddeloh, anjoseph, anon.amish, anpicker, ansmith, aoconnor, aos-network-edge-staff, aos-odin-bot, aos-team-ota, aputtur, asm, athoscribeiro, aveerama, bbaude, bbennett, bcl, bcoca, bdettelb, bgilbert, bkundu, blaise, bmontgom, bniver, bodavis, bperkins, bradley.g.smith, brking, bthurber, carl, carmelo.sarta.main, cbartlet, cdaley, chazlett, chousekn, cmarinea, cmeyers, code, comzeradd, container-sig, crizzo, dagray, danken, davide, davidn, dbenoit, debarshir, denis, deparker, dfreiber, dhanak, dmayorov, doconnor, dornelas, dperaza, drow, dsimansk, dustymabe, dwalsh, dwd, dwest, dwhatley, dymurray, ebakerupw, eclipseo, eglynn, ego.cordatus, emachado, eparis, ericedens, esm, extras-orphan, fdeutsch, filbranden, fjansen, flucifre, fpokorny, gblomqui, gchamoul, gmeno, go-sig, gparvin, grafana-maint, gscrivan, haoli, hhorak, hkataria, ibolton, i, ijolliff, infra-sig, inoton, jacding, jaharrin, jajackso, jbrooks, jburrell, jcajka, jcammara, jcantril, jchaloup, jchui, jeder, jerzhang, jhadvig, jhardy, jhrozek, jitsingh, jjelen, jjoyce, jligon, jlledo, jmatthew, jmencak, jmitchel, jmontleo, jneedle, jnovy, jobarker, joelsmith, jonathan, jorton, jpadman, jprabhak, jramanat, jschluet, jwboyer, jwon, kegrant, kingland, koliveir, kolyshkin, kshier, ktokunaga.mail, kverlaen, kwalker, lacypret, lball, lbragsta, lchilton, lemenkov, lhh, lkiesow, lmadsen, lmeyer, lsm5, lsvaty, mabashia, maciek.borzecki, manissin, marcandre.lureau, mark.e.fuller, mattia.verga, matzew, maxwell, mbenjamin, mburns, mcressma, me, me, mfojtik, mgarciac, mgoodwin, mhackett, mheon, michel, mkudlej, mmakovy, mnewsome, mnovotny, mrunge, mrussell, mskalicky, mwringe, nathans, ngompa13, njean, nobody, notting, nparekh, nstielau, n.yaghoobi.s, obudai, obulatov, ocp-storage-bot, ocs-bugs, o.lemasle, omaciel, openshift-release-oversight, opohorel, oramraz, osapryki, osbuilders, oskutka, owatkins, pahickey, pakotvan, patrick, paul, paul.wouters, pbraun, pegoncal, peholase, pehunt, periklis, pgaikwad, pgrist, philipp, pierdipi, pjindal, pknezevi, pkubat, ploffay, pthomas, quantum.analyst, rakesh.pandit, redhat, relrod, rguimara, rhaigner, rh.container.bot, rhcos-sst, rhcos-triage, rhos-maint, rhuss, rjohnson, rojacob, rominf, rpetrell, rphillips, ryncsn, sanchezl, santiago, saroy, sausingh, scorneli, sdoran, sejug, sfeifer, sgott, shvarugh, simaishi, sipoyare, skontopo, skunkerk, slaznick, slucidi, smcdonal, smullick, sostapov, spandura, spasquie, sponnaga, spower, spresti, sseago, ssteinbe, stcannon, stirabos, strigazi, surbania, teagle, team-winc-bot, tfister, tgunders, thason, thavo, thoiland, thrcka, TicoTimo, tjochec, tkuratom, travier, tsedovic, tstellar, tsweeney, ubhargav, uhhadd, umohnani, user-cont-team+packit-fas, vereddy, vimartin, vkareh, vkumar, vrothber, walters, wenshen, whayutin, wtam, xiyuan, xxia, yanqiyu01, yguenane, yselkowi, ytale, zdohnal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | golang 1.18.4, golang 1.17.12 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-16 23:44:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2112052, 2107343, 2109556, 2109557, 2109558, 2109559, 2109560, 2109561, 2109562, 2109563, 2109564, 2109565, 2109566, 2109638, 2109639, 2110309, 2110724, 2111001, 2111482, 2111484, 2111746, 2111747, 2111752, 2111753, 2111758, 2111759, 2111760, 2111765, 2111766, 2111767, 2111772, 2111773, 2111774, 2111775, 2111786, 2111789, 2111790, 2111791, 2111792, 2111796, 2111797, 2111798, 2111805, 2111806, 2111807, 2111808, 2111816, 2111821, 2111822, 2111823, 2111826, 2111827, 2111828, 2111829, 2111830, 2111831, 2111833, 2111983, 2111986, 2112050, 2112051, 2112053, 2112054, 2112055, 2112056, 2112057, 2112058, 2112059, 2112060, 2112061, 2112062, 2112063, 2112064, 2112065, 2112066, 2112067, 2112068, 2112069, 2112070, 2112071, 2112072, 2112073, 2112074, 2112075, 2112076, 2112077, 2112078, 2112080, 2112081, 2112082, 2112083, 2112084, 2112085, 2114790, 2114791, 2114793, 2115439, 2115440, 2115441, 2115442, 2115443, 2115444, 2115445, 2115446, 2115447, 2115448, 2115449, 2115450, 2115451, 2115566, 2115567, 2115568, 2115569, 2115577, 2115578, 2115579, 2115580, 2115581, 2115582, 2115583, 2115584, 2115585, 2115586, 2115587, 2115588, 2115589, 2115590, 2115591, 2115592, 2115593, 2115594, 2115595, 2115596, 2115597, 2115598, 2115599, 2115600, 2116910, 2116911, 2116912, 2116913, 2116914, 2116915, 2116916, 2116917, 2116918, 2116919, 2117339, 2117341, 2123509, 2123510, 2123514, 2123748, 2123750, 2123754, 2168805 | ||
| Bug Blocks: | 2108711 | ||
|
Description
Anten Skrabec
2022-07-14 18:48:09 UTC
Created golang tracking bugs for this issue: Affects: fedora-all [bug 2107343] Created golang tracking bugs for this issue: Affects: epel-all [bug 2110309] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799 This issue has been addressed in the following products: Red Hat Developer Tools Via RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866 This issue has been addressed in the following products: Service Telemetry Framework 1.3 for RHEL 8 Via RHSA-2022:5923 https://access.redhat.com/errata/RHSA-2022:5923 This issue has been addressed in the following products: Service Telemetry Framework 1.4 for RHEL 8 Via RHSA-2022:5924 https://access.redhat.com/errata/RHSA-2022:5924 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:5875 https://access.redhat.com/errata/RHSA-2022:5875 This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042 This issue has been addressed in the following products: Openshift Serveless 1.24 Via RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:6061 https://access.redhat.com/errata/RHSA-2022:6061 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:6062 https://access.redhat.com/errata/RHSA-2022:6062 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:6065 https://access.redhat.com/errata/RHSA-2022:6065 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:6066 https://access.redhat.com/errata/RHSA-2022:6066 This issue has been addressed in the following products: Application Interconnect 1 for RHEL 8 Via RHSA-2022:6113 https://access.redhat.com/errata/RHSA-2022:6113 This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:6051 https://access.redhat.com/errata/RHSA-2022:6051 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2022:6053 https://access.redhat.com/errata/RHSA-2022:6053 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:6103 https://access.redhat.com/errata/RHSA-2022:6103 This issue has been addressed in the following products: Self Node Remediation 0.4 for RHEL 8 Via RHSA-2022:6184 https://access.redhat.com/errata/RHSA-2022:6184 This issue has been addressed in the following products: Node Healthcheck Operator 0.3 for RHEL 8 Via RHSA-2022:6187 https://access.redhat.com/errata/RHSA-2022:6187 This issue has been addressed in the following products: Node Maintenance Operator 4.11 for RHEL 8 Via RHSA-2022:6188 https://access.redhat.com/errata/RHSA-2022:6188 This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290 This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346 This issue has been addressed in the following products: OpenShift Logging 5.3 Via RHSA-2022:6182 https://access.redhat.com/errata/RHSA-2022:6182 This issue has been addressed in the following products: Logging subsystem for Red Hat OpenShift 5.4 Via RHSA-2022:6183 https://access.redhat.com/errata/RHSA-2022:6183 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8 Via RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348 This issue has been addressed in the following products: multicluster engine for Kubernetes 2.1 for RHEL 8 Via RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345 This issue has been addressed in the following products: RHOL-5.5-RHEL-8 Via RHSA-2022:6344 https://access.redhat.com/errata/RHSA-2022:6344 This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2022:6262 https://access.redhat.com/errata/RHSA-2022:6262 This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2022:6429 https://access.redhat.com/errata/RHSA-2022:6429 This issue has been addressed in the following products: OADP-1.0-RHEL-8 Via RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:6517 https://access.redhat.com/errata/RHSA-2022:6517 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:6308 https://access.redhat.com/errata/RHSA-2022:6308 This issue has been addressed in the following products: OpenShift Logging 5.3 Via RHSA-2022:6560 https://access.redhat.com/errata/RHSA-2022:6560 This issue has been addressed in the following products: RHACS-3.72-RHEL-8 Via RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7529 https://access.redhat.com/errata/RHSA-2022:7529 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7648 https://access.redhat.com/errata/RHSA-2022:7648 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8098 https://access.redhat.com/errata/RHSA-2022:8098 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8250 https://access.redhat.com/errata/RHSA-2022:8250 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398 This issue has been addressed in the following products: RHEL-8-CNV-4.12 RHEL-7-CNV-4.12 Via RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407 This issue has been addressed in the following products: RHEL-8-CNV-4.12 Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408 This issue has been addressed in the following products: OpenShift Custom Metrics Autoscaler 2 Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042 This issue has been addressed in the following products: STF-1.5-RHEL-8 Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-30631 This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2180 https://access.redhat.com/errata/RHSA-2024:2180 |