VDB
RHSA-2022%3A5923
RHSA-2022%3A5923
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | stf/service-telemetry-operator-bundle@sha256:3b706752e59dbae16e7424afb0ee50a5964e2819a9a59d63c1ce24ce2916cefa_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, *, stf/service-telemetry-operator-bundle@sha256:3b706752e59dbae16e7424afb0ee50a5964e2819a9a59d63c1ce24ce2916cefa_amd64 |
| Red Hat | stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64, stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64, stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64 |
| golang | Go | |
| Red Hat | stf/sg-core-rhel8@sha256:bdd4cd7a04030d1663942b2a17af821bed0ffe9821bface25b2bbeaca9b55e53_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, *, stf/sg-core-rhel8@sha256:bdd4cd7a04030d1663942b2a17af821bed0ffe9821bface25b2bbeaca9b55e53_amd64 |
| golang | golang | |
| Red Hat | stf/smart-gateway-operator-bundle@sha256:692ce55706263a37bed081fbdbf3014214c88c566f28cc6bf2aff36ed1b4e15d_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, stf/smart-gateway-operator-bundle@sha256:692ce55706263a37bed081fbdbf3014214c88c566f28cc6bf2aff36ed1b4e15d_amd64, * |
| Red Hat | stf/prometheus-webhook-snmp@sha256:9ff69fe8a9920c2ec729ad560ce8f2c18c7f6987f19966b906cee553c58d5332_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, stf/prometheus-webhook-snmp@sha256:9ff69fe8a9920c2ec729ad560ce8f2c18c7f6987f19966b906cee553c58d5332_amd64, * |
| Red Hat | stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64, *, stf/service-telemetry-rhel8-operator@sha256:ea215ee4babe69cc2ba93fcf1dc08d2eb28235085e0c2971fd5925e02e1be2ab_amd64 |
| Red Hat | stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64, stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64, stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64 |
| Red Hat | stf/prometheus-webhook-snmp@sha256:9ff69fe8a9920c2ec729ad560ce8f2c18c7f6987f19966b906cee553c58d5332_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, stf/prometheus-webhook-snmp@sha256:9ff69fe8a9920c2ec729ad560ce8f2c18c7f6987f19966b906cee553c58d5332_amd64, * |
| Red Hat | stf/service-telemetry-operator-bundle@sha256:3b706752e59dbae16e7424afb0ee50a5964e2819a9a59d63c1ce24ce2916cefa_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/service-telemetry-operator-bundle@sha256:3b706752e59dbae16e7424afb0ee50a5964e2819a9a59d63c1ce24ce2916cefa_amd64, stf/service-telemetry-operator-bundle@sha256:3b706752e59dbae16e7424afb0ee50a5964e2819a9a59d63c1ce24ce2916cefa_amd64, stf/service-telemetry-operator-bundle@sha256:3b706752e59dbae16e7424afb0ee50a5964e2819a9a59d63c1ce24ce2916cefa_amd64 |
| Red Hat | stf/sg-bridge-rhel8@sha256:7b458c31fd82033bb3fe70646bb1e6b6ae8f81b7531b66ceea494c0d72b79986_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, stf/sg-bridge-rhel8@sha256:7b458c31fd82033bb3fe70646bb1e6b6ae8f81b7531b66ceea494c0d72b79986_amd64, * |
| Red Hat | stf/smart-gateway-operator-bundle@sha256:692ce55706263a37bed081fbdbf3014214c88c566f28cc6bf2aff36ed1b4e15d_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/smart-gateway-operator-bundle@sha256:692ce55706263a37bed081fbdbf3014214c88c566f28cc6bf2aff36ed1b4e15d_amd64, *, stf/smart-gateway-operator-bundle@sha256:692ce55706263a37bed081fbdbf3014214c88c566f28cc6bf2aff36ed1b4e15d_amd64 |
| Red Hat | stf/sg-core-rhel8@sha256:bdd4cd7a04030d1663942b2a17af821bed0ffe9821bface25b2bbeaca9b55e53_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | stf/sg-core-rhel8@sha256:bdd4cd7a04030d1663942b2a17af821bed0ffe9821bface25b2bbeaca9b55e53_amd64, stf/sg-core-rhel8@sha256:bdd4cd7a04030d1663942b2a17af821bed0ffe9821bface25b2bbeaca9b55e53_amd64, stf/sg-core-rhel8@sha256:bdd4cd7a04030d1663942b2a17af821bed0ffe9821bface25b2bbeaca9b55e53_amd64 |
| Red Hat | stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64, stf/smart-gateway-rhel8-operator@sha256:e9035549419b2ce67fcfcd04f5dbd5d69baa4079b259e8431ba0a8c88dd34a02_amd64 |
| Red Hat | stf/sg-bridge-rhel8@sha256:7b458c31fd82033bb3fe70646bb1e6b6ae8f81b7531b66ceea494c0d72b79986_amd64 as a component of Service Telemetry Framework 1.3 for RHEL 8 | *, *, stf/sg-bridge-rhel8@sha256:7b458c31fd82033bb3fe70646bb1e6b6ae8f81b7531b66ceea494c0d72b79986_amd64 |
Timeline
- Aug 8, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jun 19, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:5923 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2107342 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5923.json advisory
- https://access.redhat.com/security/cve/CVE-2022-30631 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-30631 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-30631 advisory
- https://go.dev/issue/53168 advisory
- https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE advisory