Updated: 2026-02-27 02:13:12.750559
Description:
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | golang | 1.19.13 | 7.5 | HIGH | Already Fixed | 2025-05-27 03:52:49 | ||
| AlmaLinux 9.2 ESU | grafana | 9.0.9 | 7.5 | HIGH | Already Fixed | 2025-07-11 01:42:54 | ||
| AlmaLinux 9.2 ESU | grafana-pcp | 5.1.1 | 7.5 | HIGH | Already Fixed | 2025-11-05 15:53:17 | ||
| AlmaLinux 9.2 ESU | runc | 1.1.4 | 7.5 | HIGH | Not Vulnerable | 2025-11-27 10:35:47 | ||
| AlmaLinux 9.2 ESU | toolbox | 0.0.99.3 | 7.5 | HIGH | Not Vulnerable | 2025-10-31 11:54:44 |