High severity7.5NVD Advisory· Published Jul 15, 2022· Updated Jun 17, 2026
CVE-2022-30634
CVE-2022-30634
Description
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- osv-coords20 versionspkg:bitnami/golangpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.18&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.18&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.18&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.18-openssl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.18-openssl&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 1.17.11+ 19 more
- (no CPE)range: < 1.17.11
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.17.11-1.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.3-1.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.17.11-150000.1.37.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.3-150000.1.20.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- Go standard library/crypto/randv5Range: 0
Patches
Vulnerability mechanics
References
5- go.dev/cl/402257nvdPatch
- go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863nvdMailing ListPatch
- go.dev/issue/52561nvdExploitIssue Tracking
- groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJnvdMailing ListThird Party Advisory
- pkg.go.dev/vuln/GO-2022-0477nvdThird Party Advisory
News mentions
0No linked articles in our index yet.