FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- multiple vulnerabilities

Affected packages
go < 1.17.8,1

Details

VuXML ID e2af876f-a7c8-11ec-9a2a-002324b2fba8
Discovery 2022-02-09
Entry 2022-03-19

The Go project reports:

regexp: stack exhaustion compiling deeply nested expressions

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB.

References

CVE Name CVE-2022-24921
URL https://github.com/golang/go/issues/51112