{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:43:19.361","vulnerabilities":[{"cve":{"id":"CVE-2022-39213","sourceIdentifier":"security-advisories@github.com","published":"2022-09-15T22:15:11.463","lastModified":"2024-11-21T07:17:48.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary."},{"lang":"es","value":"go-cvss es un módulo Go para manipular el Sistema de Puntuación de Vulnerabilidad Común (CVSS). En las versiones afectadas, cuando es analizada una cadena de vectores CVSS versión v2.0 completa mediante \"ParseVector\", es posible que sea producida una lectura fuera de los límites debido a una falta de pruebas. El módulo Go entrará en pánico. El problema está parcheado en la etiqueta \"v0.4.0\", mediante el commit \"d9d478ff0c13b8b09ace030db9262f3c2fe031f4\". Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizar pueden evitar este problema al analizar sólo las cadenas de vectores CVSS versión v2.0 que no tengan todos los atributos definidos (por ejemplo, \"AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M\"). Como es indicado en [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), el CPE versión v2.3 para referirse a este módulo Go es \"cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*\". La entrada ya ha sido solicitada al diccionario CPE de NVD"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pandatix:go-cvss:*:*:*:*:*:go:*:*","versionStartIncluding":"0.2.0","versionEndExcluding":"0.4.0","matchCriteriaId":"28A62F97-906C-4EC0-AB63-E8F47A8E33D1"}]}]}],"references":[{"url":"https://github.com/pandatix/go-cvss/blob/master/SECURITY.md","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/pandatix/go-cvss/blob/master/SECURITY.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/pandatix/go-cvss/commit/d9d478ff0c13b8b09ace030db9262f3c2fe031f4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pandatix/go-cvss/security/advisories/GHSA-xhmf-mmv2-4hhx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}