Updated: 2026-02-27 00:57:40.111116
Description:
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | golang | 1.19.13 | 7.5 | HIGH | Not Vulnerable | 2025-05-27 03:52:49 | Not affected: The uncontrolled recursion flaw in io/fs Glob was fixed upstream (commit fa2d41d0) and... | |
| AlmaLinux 9.2 ESU | git-lfs | 3.2.0 | 7.5 | HIGH | Not Vulnerable | 2025-10-31 22:54:34 | Not affected: The uncontrolled recursion flaw in io/fs Glob was fixed upstream (commit fa2d41d0) and... | |
| AlmaLinux 9.2 ESU | grafana | 9.0.9 | 7.5 | HIGH | Already Fixed | 2025-07-11 01:42:54 | Not affected: The uncontrolled recursion flaw in io/fs Glob was fixed upstream (commit fa2d41d0) and... | |
| AlmaLinux 9.2 ESU | grafana-pcp | 5.1.1 | 7.5 | HIGH | Already Fixed | 2025-11-05 15:53:21 | Not affected: The uncontrolled recursion flaw in io/fs Glob was fixed upstream (commit fa2d41d0) and... | |
| AlmaLinux 9.2 ESU | runc | 1.1.4 | 7.5 | HIGH | Not Vulnerable | 2025-11-27 10:35:49 | Not affected: The uncontrolled recursion flaw in io/fs Glob was fixed upstream (commit fa2d41d0) and... | |
| AlmaLinux 9.2 ESU | toolbox | 0.0.99.3 | 7.5 | HIGH | Not Vulnerable | 2025-10-31 22:53:12 | Not affected: The uncontrolled recursion flaw in io/fs Glob was fixed upstream (commit fa2d41d0) and... |