cve 2022 30631
About this tag
CVE-2022-30631 is a vulnerability in Go's standard library compress/gzip Reader.Read function, disclosed on July 20, 2022. It involves an uncontrolled recursion bug that can cause a denial of service (DoS) by exhausting the stack when parsing archives composed of many concatenated zero-length compressed files. This issue affects Go-based services and applications that process gzip data. The vulnerability was fixed in Go versions 1.17.12 and 1.18.4. Discussions on WindowsForum cover the technical details, impact, and mitigation steps for this CVE, which is tracked as GO-2022-0524 on the Go tracker.
A simple, malformed gzip archive can still bring down a Go-based service: an uncontrolled recursion bug in Go’s standard library compress/gzip Reader.Read lets an attacker crash applications by exhausting the stack when parsing archives composed of many concatenated zero-length compressed files...