VDB
RHSA-2022%3A5924
RHSA-2022%3A5924
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64, stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64, stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64 |
| Red Hat | stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | *, stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64, stf/service-telemetry-rhel8-operator@sha256:09d3e140b6561baa1802d9702274450d9a5ffe769516db70efdd8811ba36edaa_amd64 |
| Red Hat | stf/smart-gateway-rhel8-operator@sha256:16c2f3232dbc7bb4cbaa21e55ae49f7f361723b41e3eb4c6eac380316333c4b4_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | *, stf/smart-gateway-rhel8-operator@sha256:16c2f3232dbc7bb4cbaa21e55ae49f7f361723b41e3eb4c6eac380316333c4b4_amd64, stf/smart-gateway-rhel8-operator@sha256:16c2f3232dbc7bb4cbaa21e55ae49f7f361723b41e3eb4c6eac380316333c4b4_amd64 |
| Red Hat | stf/sg-bridge-rhel8@sha256:384d4a4d4b29d2ca1d563438f39e53ee69b60744e5039d54cb6e5b7431da916e_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | *, *, stf/sg-bridge-rhel8@sha256:384d4a4d4b29d2ca1d563438f39e53ee69b60744e5039d54cb6e5b7431da916e_amd64 |
| Red Hat | stf/smart-gateway-operator-bundle@sha256:92fd0cd377f7686375ada6df206362ef2337337c669ba3d7b367580af6769b1a_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/smart-gateway-operator-bundle@sha256:92fd0cd377f7686375ada6df206362ef2337337c669ba3d7b367580af6769b1a_amd64, *, stf/smart-gateway-operator-bundle@sha256:92fd0cd377f7686375ada6df206362ef2337337c669ba3d7b367580af6769b1a_amd64 |
| Red Hat | stf/sg-bridge-rhel8@sha256:384d4a4d4b29d2ca1d563438f39e53ee69b60744e5039d54cb6e5b7431da916e_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/sg-bridge-rhel8@sha256:384d4a4d4b29d2ca1d563438f39e53ee69b60744e5039d54cb6e5b7431da916e_amd64, *, * |
| Red Hat | stf/prometheus-webhook-snmp@sha256:2e916680e45318420dbefe551bfa92b353e7c1dc7c49f9482e1a09f53d3b318a_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/prometheus-webhook-snmp@sha256:2e916680e45318420dbefe551bfa92b353e7c1dc7c49f9482e1a09f53d3b318a_amd64, stf/prometheus-webhook-snmp@sha256:2e916680e45318420dbefe551bfa92b353e7c1dc7c49f9482e1a09f53d3b318a_amd64, stf/prometheus-webhook-snmp@sha256:2e916680e45318420dbefe551bfa92b353e7c1dc7c49f9482e1a09f53d3b318a_amd64 |
| Red Hat | stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64, stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64, stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64 |
| Red Hat | stf/service-telemetry-operator-bundle@sha256:056c5be73b432b0e7b26b8bab03ba625ab4f8422bc79d5064ff1d911fe29e056_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/service-telemetry-operator-bundle@sha256:056c5be73b432b0e7b26b8bab03ba625ab4f8422bc79d5064ff1d911fe29e056_amd64, *, stf/service-telemetry-operator-bundle@sha256:056c5be73b432b0e7b26b8bab03ba625ab4f8422bc79d5064ff1d911fe29e056_amd64 |
| Red Hat | stf/service-telemetry-operator-bundle@sha256:056c5be73b432b0e7b26b8bab03ba625ab4f8422bc79d5064ff1d911fe29e056_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/service-telemetry-operator-bundle@sha256:056c5be73b432b0e7b26b8bab03ba625ab4f8422bc79d5064ff1d911fe29e056_amd64, *, stf/service-telemetry-operator-bundle@sha256:056c5be73b432b0e7b26b8bab03ba625ab4f8422bc79d5064ff1d911fe29e056_amd64 |
| Red Hat | stf/smart-gateway-rhel8-operator@sha256:16c2f3232dbc7bb4cbaa21e55ae49f7f361723b41e3eb4c6eac380316333c4b4_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/smart-gateway-rhel8-operator@sha256:16c2f3232dbc7bb4cbaa21e55ae49f7f361723b41e3eb4c6eac380316333c4b4_amd64, *, stf/smart-gateway-rhel8-operator@sha256:16c2f3232dbc7bb4cbaa21e55ae49f7f361723b41e3eb4c6eac380316333c4b4_amd64 |
| Red Hat | stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | *, stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64, stf/sg-core-rhel8@sha256:8aac2e574007117aa147c84963c1e24ca30b230836b2a8e7116926ed5549e1bf_amd64 |
| golang | go | |
| Red Hat | stf/prometheus-webhook-snmp@sha256:2e916680e45318420dbefe551bfa92b353e7c1dc7c49f9482e1a09f53d3b318a_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/prometheus-webhook-snmp@sha256:2e916680e45318420dbefe551bfa92b353e7c1dc7c49f9482e1a09f53d3b318a_amd64, *, * |
| Red Hat | stf/smart-gateway-operator-bundle@sha256:92fd0cd377f7686375ada6df206362ef2337337c669ba3d7b367580af6769b1a_amd64 as a component of Service Telemetry Framework 1.4 for RHEL 8 | stf/smart-gateway-operator-bundle@sha256:92fd0cd377f7686375ada6df206362ef2337337c669ba3d7b367580af6769b1a_amd64, *, stf/smart-gateway-operator-bundle@sha256:92fd0cd377f7686375ada6df206362ef2337337c669ba3d7b367580af6769b1a_amd64 |
Timeline
- Aug 8, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Jun 19, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:5924 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2107342 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5924.json advisory
- https://access.redhat.com/security/cve/CVE-2022-30631 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-30631 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-30631 advisory
- https://go.dev/issue/53168 advisory
- https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE advisory