Bug 2107342 (CVE-2022-30631) - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
Summary: CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-30631
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat2112050 Red Hat2112051 Red Hat2112052 Red Hat2112053 Red Hat2112055 Red Hat2112059 Red Hat2112060 Red Hat2112064 Red Hat2112071 Red Hat2112072 Red Hat2112085 Red Hat2115566 Red Hat2115567 Red Hat2115568 Red Hat2115569 Red Hat2117339 Red Hat2117341 2107343 Red Hat2109556 Red Hat2109557 Red Hat2109558 Red Hat2109559 Red Hat2109560 Red Hat2109561 Red Hat2109562 Red Hat2109563 Red Hat2109564 Red Hat2109565 Red Hat2109566 Red Hat2109638 Red Hat2109639 2110309 Red Hat2110724 Engineering2111001 Red Hat2111482 Red Hat2111484 Red Hat2111746 Red Hat2111747 Red Hat2111752 Red Hat2111753 Red Hat2111758 Red Hat2111759 Red Hat2111760 Red Hat2111765 Red Hat2111766 Red Hat2111767 Red Hat2111772 Red Hat2111773 Red Hat2111774 Red Hat2111775 Red Hat2111786 Red Hat2111789 Red Hat2111790 Red Hat2111791 Red Hat2111792 Red Hat2111796 Red Hat2111797 Red Hat2111798 Red Hat2111805 Red Hat2111806 Red Hat2111807 Red Hat2111808 Red Hat2111816 Red Hat2111821 Red Hat2111822 Red Hat2111823 Red Hat2111826 Red Hat2111827 Red Hat2111828 Red Hat2111829 Red Hat2111830 Red Hat2111831 Red Hat2111833 Red Hat2111983 Red Hat2111986 Red Hat2112054 Red Hat2112056 Red Hat2112057 Red Hat2112058 Red Hat2112061 Red Hat2112062 Red Hat2112063 Red Hat2112065 Red Hat2112066 Red Hat2112067 Red Hat2112068 Red Hat2112069 Red Hat2112070 Red Hat2112073 Red Hat2112074 Red Hat2112075 Red Hat2112076 Red Hat2112077 Red Hat2112078 Red Hat2112080 Red Hat2112081 Red Hat2112082 Red Hat2112083 Red Hat2112084 Red Hat2114790 Red Hat2114791 Red Hat2114793 Red Hat2115439 Red Hat2115440 Red Hat2115441 Red Hat2115442 Red Hat2115443 Red Hat2115444 Red Hat2115445 Red Hat2115446 Red Hat2115447 Red Hat2115448 Red Hat2115449 Red Hat2115450 Red Hat2115451 Red Hat2115577 Red Hat2115578 Red Hat2115579 Red Hat2115580 Red Hat2115581 Red Hat2115582 Red Hat2115583 Red Hat2115584 Red Hat2115585 Red Hat2115586 Red Hat2115587 Red Hat2115588 Red Hat2115589 Red Hat2115590 Red Hat2115591 Red Hat2115592 Red Hat2115593 Red Hat2115594 Red Hat2115595 Red Hat2115596 Red Hat2115597 Red Hat2115598 Red Hat2115599 Red Hat2115600 Red Hat2116910 Red Hat2116911 Red Hat2116912 Red Hat2116913 Red Hat2116914 Red Hat2116915 Red Hat2116916 Red Hat2116917 Red Hat2116918 Red Hat2116919 Engineering2123509 Engineering2123510 Engineering2123514 Engineering2123748 Engineering2123750 Engineering2123754 Red Hat2168805
Blocks: Embargoed2108711
TreeView+ depends on / blocked
 
Reported: 2022-07-14 18:48 UTC by Anten Skrabec
Modified: 2023-05-16 23:44 UTC (History)
250 users (show)

Fixed In Version: golang 1.18.4, golang 1.17.12
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
Clone Of:
Environment:
Last Closed: 2023-05-16 23:44:39 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:5800 0 None None None 2022-08-01 15:59:31 UTC
Red Hat Product Errata RHBA-2022:6131 0 None None None 2022-08-22 19:35:53 UTC
Red Hat Product Errata RHSA-2022:5775 0 None None None 2022-08-01 12:04:06 UTC
Red Hat Product Errata RHSA-2022:5799 0 None None None 2022-08-01 16:04:06 UTC
Red Hat Product Errata RHSA-2022:5866 0 None None None 2022-08-02 09:53:33 UTC
Red Hat Product Errata RHSA-2022:5875 0 None None None 2022-08-09 02:36:13 UTC
Red Hat Product Errata RHSA-2022:5923 0 None None None 2022-08-08 16:42:44 UTC
Red Hat Product Errata RHSA-2022:5924 0 None None None 2022-08-08 16:57:34 UTC
Red Hat Product Errata RHSA-2022:6040 0 None None None 2022-08-10 13:16:01 UTC
Red Hat Product Errata RHSA-2022:6042 0 None None None 2022-08-10 11:37:25 UTC
Red Hat Product Errata RHSA-2022:6051 0 None None None 2022-08-18 16:05:00 UTC
Red Hat Product Errata RHSA-2022:6053 0 None None None 2022-08-22 21:15:37 UTC
Red Hat Product Errata RHSA-2022:6061 0 None None None 2022-08-15 09:17:35 UTC
Red Hat Product Errata RHSA-2022:6062 0 None None None 2022-08-15 09:18:58 UTC
Red Hat Product Errata RHSA-2022:6065 0 None None None 2022-08-15 09:44:51 UTC
Red Hat Product Errata RHSA-2022:6066 0 None None None 2022-08-15 09:46:19 UTC
Red Hat Product Errata RHSA-2022:6103 0 None None None 2022-08-23 15:08:11 UTC
Red Hat Product Errata RHSA-2022:6113 0 None None None 2022-08-18 15:10:37 UTC
Red Hat Product Errata RHSA-2022:6152 0 None None None 2022-09-01 05:41:17 UTC
Red Hat Product Errata RHSA-2022:6182 0 None None None 2022-09-06 13:22:36 UTC
Red Hat Product Errata RHSA-2022:6183 0 None None None 2022-09-06 13:32:38 UTC
Red Hat Product Errata RHSA-2022:6184 0 None None None 2022-08-25 05:50:11 UTC
Red Hat Product Errata RHSA-2022:6187 0 None None None 2022-08-25 10:09:14 UTC
Red Hat Product Errata RHSA-2022:6188 0 None None None 2022-08-25 11:21:20 UTC
Red Hat Product Errata RHSA-2022:6262 0 None None None 2022-09-09 05:15:04 UTC
Red Hat Product Errata RHSA-2022:6290 0 None None None 2022-09-01 01:25:16 UTC
Red Hat Product Errata RHSA-2022:6308 0 None None None 2022-09-14 20:38:55 UTC
Red Hat Product Errata RHSA-2022:6344 0 None None None 2022-09-06 17:00:47 UTC
Red Hat Product Errata RHSA-2022:6345 0 None None None 2022-09-06 14:33:50 UTC
Red Hat Product Errata RHSA-2022:6346 0 None None None 2022-09-06 13:02:35 UTC
Red Hat Product Errata RHSA-2022:6347 0 None None None 2022-09-06 12:58:27 UTC
Red Hat Product Errata RHSA-2022:6348 0 None None None 2022-09-06 13:42:57 UTC
Red Hat Product Errata RHSA-2022:6370 0 None None None 2022-09-06 22:29:35 UTC
Red Hat Product Errata RHSA-2022:6429 0 None None None 2022-09-13 00:58:46 UTC
Red Hat Product Errata RHSA-2022:6430 0 None None None 2022-09-13 02:10:20 UTC
Red Hat Product Errata RHSA-2022:6517 0 None None None 2022-09-14 12:48:49 UTC
Red Hat Product Errata RHSA-2022:6560 0 None None None 2022-09-26 09:41:26 UTC
Red Hat Product Errata RHSA-2022:6714 0 None None None 2022-09-26 15:27:29 UTC
Red Hat Product Errata RHSA-2022:7398 0 None None None 2023-01-17 14:51:12 UTC
Red Hat Product Errata RHSA-2022:7519 0 None None None 2022-11-08 09:26:02 UTC
Red Hat Product Errata RHSA-2022:7529 0 None None None 2022-11-08 09:28:29 UTC
Red Hat Product Errata RHSA-2022:7648 0 None None None 2022-11-08 10:00:12 UTC
Red Hat Product Errata RHSA-2022:8057 0 None None None 2022-11-15 10:06:36 UTC
Red Hat Product Errata RHSA-2022:8098 0 None None None 2022-11-15 10:14:51 UTC
Red Hat Product Errata RHSA-2022:8250 0 None None None 2022-11-15 10:43:50 UTC
Red Hat Product Errata RHSA-2023:0407 0 None None None 2023-01-24 12:49:11 UTC
Red Hat Product Errata RHSA-2023:0408 0 None None None 2023-01-24 13:35:01 UTC
Red Hat Product Errata RHSA-2023:1042 0 None None None 2023-03-06 18:39:09 UTC
Red Hat Product Errata RHSA-2023:1529 0 None None None 2023-03-30 00:43:26 UTC
Red Hat Product Errata RHSA-2023:2758 0 None None None 2023-05-16 08:08:38 UTC
Red Hat Product Errata RHSA-2023:2802 0 None None None 2023-05-16 08:14:43 UTC

Description Anten Skrabec 2022-07-14 18:48:09 UTC 
Calling Reader.Read on an archive containing a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion.
Comment 1 Anten Skrabec 2022-07-14 18:49:08 UTC 
Created golang tracking bugs for this issue:

Affects: fedora-all [bug 2107343]
Comment 10 Avinash Hanwate 2022-07-25 07:34:14 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2110309]
Comment 31 errata-xmlrpc 2022-08-01 12:03:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775
Comment 32 errata-xmlrpc 2022-08-01 16:03:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
Comment 33 errata-xmlrpc 2022-08-02 09:53:22 UTC 
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866
Comment 41 errata-xmlrpc 2022-08-08 16:42:32 UTC 
This issue has been addressed in the following products:

  Service Telemetry Framework 1.3 for RHEL 8

Via RHSA-2022:5923 https://access.redhat.com/errata/RHSA-2022:5923
Comment 42 errata-xmlrpc 2022-08-08 16:57:23 UTC 
This issue has been addressed in the following products:

  Service Telemetry Framework 1.4 for RHEL 8

Via RHSA-2022:5924 https://access.redhat.com/errata/RHSA-2022:5924
Comment 43 errata-xmlrpc 2022-08-09 02:36:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2022:5875 https://access.redhat.com/errata/RHSA-2022:5875
Comment 46 errata-xmlrpc 2022-08-10 11:37:13 UTC 
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
Comment 47 errata-xmlrpc 2022-08-10 13:15:49 UTC 
This issue has been addressed in the following products:

  Openshift Serveless 1.24

Via RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
Comment 52 errata-xmlrpc 2022-08-15 09:17:26 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2022:6061 https://access.redhat.com/errata/RHSA-2022:6061
Comment 53 errata-xmlrpc 2022-08-15 09:18:48 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2022:6062 https://access.redhat.com/errata/RHSA-2022:6062
Comment 54 errata-xmlrpc 2022-08-15 09:44:43 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2022:6065 https://access.redhat.com/errata/RHSA-2022:6065
Comment 55 errata-xmlrpc 2022-08-15 09:46:08 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2022:6066 https://access.redhat.com/errata/RHSA-2022:6066
Comment 67 errata-xmlrpc 2022-08-18 15:10:25 UTC 
This issue has been addressed in the following products:

  Application Interconnect 1 for RHEL 8

Via RHSA-2022:6113 https://access.redhat.com/errata/RHSA-2022:6113
Comment 68 errata-xmlrpc 2022-08-18 16:04:48 UTC 
This issue has been addressed in the following products:

  RHOL-5.5-RHEL-8

Via RHSA-2022:6051 https://access.redhat.com/errata/RHSA-2022:6051
Comment 70 errata-xmlrpc 2022-08-22 21:15:24 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2022:6053 https://access.redhat.com/errata/RHSA-2022:6053
Comment 71 errata-xmlrpc 2022-08-23 15:07:57 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:6103 https://access.redhat.com/errata/RHSA-2022:6103
Comment 72 errata-xmlrpc 2022-08-25 05:49:59 UTC 
This issue has been addressed in the following products:

  Self Node Remediation 0.4 for RHEL 8

Via RHSA-2022:6184 https://access.redhat.com/errata/RHSA-2022:6184
Comment 73 errata-xmlrpc 2022-08-25 10:09:01 UTC 
This issue has been addressed in the following products:

  Node Healthcheck Operator 0.3 for RHEL 8

Via RHSA-2022:6187 https://access.redhat.com/errata/RHSA-2022:6187
Comment 74 errata-xmlrpc 2022-08-25 11:21:07 UTC 
This issue has been addressed in the following products:

  Node Maintenance Operator 4.11 for RHEL 8

Via RHSA-2022:6188 https://access.redhat.com/errata/RHSA-2022:6188
Comment 75 errata-xmlrpc 2022-09-01 01:25:05 UTC 
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290
Comment 76 errata-xmlrpc 2022-09-01 05:41:08 UTC 
This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
Comment 77 errata-xmlrpc 2022-09-06 12:58:18 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
Comment 78 errata-xmlrpc 2022-09-06 13:02:25 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346
Comment 79 errata-xmlrpc 2022-09-06 13:22:26 UTC 
This issue has been addressed in the following products:

  OpenShift Logging 5.3

Via RHSA-2022:6182 https://access.redhat.com/errata/RHSA-2022:6182
Comment 80 errata-xmlrpc 2022-09-06 13:32:28 UTC 
This issue has been addressed in the following products:

  Logging subsystem for Red Hat OpenShift 5.4

Via RHSA-2022:6183 https://access.redhat.com/errata/RHSA-2022:6183
Comment 81 errata-xmlrpc 2022-09-06 13:42:47 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8

Via RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348
Comment 82 errata-xmlrpc 2022-09-06 14:33:40 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.1 for RHEL 8

Via RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345
Comment 83 errata-xmlrpc 2022-09-06 17:00:33 UTC 
This issue has been addressed in the following products:

  RHOL-5.5-RHEL-8

Via RHSA-2022:6344 https://access.redhat.com/errata/RHSA-2022:6344
Comment 84 errata-xmlrpc 2022-09-06 22:29:24 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370
Comment 85 errata-xmlrpc 2022-09-09 05:14:53 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2022:6262 https://access.redhat.com/errata/RHSA-2022:6262
Comment 86 errata-xmlrpc 2022-09-13 00:58:37 UTC 
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2022:6429 https://access.redhat.com/errata/RHSA-2022:6429
Comment 87 errata-xmlrpc 2022-09-13 02:10:08 UTC 
This issue has been addressed in the following products:

  OADP-1.0-RHEL-8

Via RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430
Comment 88 errata-xmlrpc 2022-09-14 12:48:36 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2022:6517 https://access.redhat.com/errata/RHSA-2022:6517
Comment 89 errata-xmlrpc 2022-09-14 20:38:42 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.8

Via RHSA-2022:6308 https://access.redhat.com/errata/RHSA-2022:6308
Comment 92 errata-xmlrpc 2022-09-26 09:41:14 UTC 
This issue has been addressed in the following products:

  OpenShift Logging 5.3

Via RHSA-2022:6560 https://access.redhat.com/errata/RHSA-2022:6560
Comment 93 errata-xmlrpc 2022-09-26 15:27:17 UTC 
This issue has been addressed in the following products:

  RHACS-3.72-RHEL-8

Via RHSA-2022:6714 https://access.redhat.com/errata/RHSA-2022:6714
Comment 99 errata-xmlrpc 2022-11-08 09:25:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
Comment 100 errata-xmlrpc 2022-11-08 09:28:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7529 https://access.redhat.com/errata/RHSA-2022:7529
Comment 101 errata-xmlrpc 2022-11-08 10:00:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7648 https://access.redhat.com/errata/RHSA-2022:7648
Comment 102 errata-xmlrpc 2022-11-15 10:06:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057
Comment 103 errata-xmlrpc 2022-11-15 10:14:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8098 https://access.redhat.com/errata/RHSA-2022:8098
Comment 104 errata-xmlrpc 2022-11-15 10:43:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8250 https://access.redhat.com/errata/RHSA-2022:8250
Comment 124 errata-xmlrpc 2023-01-17 14:51:04 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398
Comment 125 errata-xmlrpc 2023-01-24 12:48:59 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.12
  RHEL-7-CNV-4.12

Via RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
Comment 126 errata-xmlrpc 2023-01-24 13:34:48 UTC 
This issue has been addressed in the following products:

  RHEL-8-CNV-4.12

Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
Comment 133 errata-xmlrpc 2023-03-06 18:38:58 UTC 
This issue has been addressed in the following products:

  OpenShift Custom Metrics Autoscaler 2

Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
Comment 135 errata-xmlrpc 2023-03-30 00:43:14 UTC 
This issue has been addressed in the following products:

  STF-1.5-RHEL-8

Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
Comment 139 errata-xmlrpc 2023-05-16 08:08:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758
Comment 140 errata-xmlrpc 2023-05-16 08:14:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802
Comment 142 Product Security DevOps Team 2023-05-16 23:44:28 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-30631
Note You need to log in before you can comment on or make changes to this bug.