{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T21:03:26.542","vulnerabilities":[{"cve":{"id":"CVE-2022-2879","sourceIdentifier":"security@golang.org","published":"2022-10-14T15:15:17.647","lastModified":"2024-11-21T07:01:51.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After the fix, Reader.Read limits the maximum size of header blocks to 1 MiB."},{"lang":"es","value":"Reader.Read no establece un límite en el tamaño máximo de los encabezados de los archivos. Un archivo diseñado de forma maliciosa podía causar que Read asignara cantidades ilimitadas de memoria, causando potencialmente el agotamiento de los recursos o pánicos. Tras la corrección, Reader.Read limita el tamaño máximo de los bloques de encabezado a 1 MiB."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18.7","matchCriteriaId":"9CB667C1-EC12-4400-B4F0-6D3B7DDAAD99"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.2","matchCriteriaId":"7614AA04-CA34-4ED8-B580-005EA84BD5B4"}]}]}],"references":[{"url":"https://go.dev/cl/439355","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/issue/54853","source":"security@golang.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://groups.google.com/g/golang-announce/c/xtuG5faxtaU","source":"security@golang.org","tags":["Mailing List","Release Notes"]},{"url":"https://pkg.go.dev/vuln/GO-2022-1037","source":"security@golang.org","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202311-09","source":"security@golang.org"},{"url":"https://go.dev/cl/439355","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://go.dev/issue/54853","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://groups.google.com/g/golang-announce/c/xtuG5faxtaU","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"]},{"url":"https://pkg.go.dev/vuln/GO-2022-1037","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202311-09","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}