这是indexloc提供的服务,不要输入任何密码
Skip to content

path/filepath: stack exhaustion in Glob #53416

New issue
New issue
Closed
Closed
path/filepath: stack exhaustion in Glob#53416
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker
Milestone
Go1.19
@julieqiu

Description

@julieqiu
julieqiu
opened on Jun 16, 2022

Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion.

Thanks to Juho Nurminen of Mattermost for reporting this issue.

This is CVE-2022-30632.

(This was a PRIVATE issue tracked in b/226945200 and fixed by http://tg/1498176.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker

    Type

    No type

    Projects

    Release Blockers

    Status

    Done

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions