Home > Vulnerability Database > CVE-2022-41715

Mend.io Vulnerability Database

CVE-2022-41715

Good to know:

Date: October 14, 2022

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.

Language: Go

Severity Score

7.5

Related Resources (11)

Url: https://go.dev/cl/439356

Url: https://security-tracker.debian.org/tracker/CVE-2022-41715

Url: https://go.dev/issue/55949

Url: https://access.redhat.com/security/cve/CVE-2022-41715

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-41715

Url: https://security.gentoo.org/glsa/202311-09

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THKJHFMX4DAZXJ5MFPN3BNHZDN7BW5RI/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41715

Url: https://groups.google.com/g/golang-announce/c/xtuG5faxtaU

Url: https://pkg.go.dev/vuln/GO-2022-1039

Url: https://www.mend.io/vulnerability-database/CVE-2022-41715

Severity Score

7.5

Top Fix

Upgrade Version

Upgrade to version go1.18.7,go1.19.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41715

Good to know:

Date: October 14, 2022

Language: Go

Severity Score

Related Resources (11)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?