{"id":"CVE-2022-24921","details":"regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.","aliases":["BIT-golang-2022-24921","GO-2021-0347"],"modified":"2026-05-15T11:53:26.545946796Z","published":"2022-03-05T00:00:00Z","related":["SUSE-SU-2022:1164-1","SUSE-SU-2022:1167-1","openSUSE-SU-2024:11892-1","openSUSE-SU-2024:11893-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24921.json","unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"fixed":"1.16.15"},{"introduced":"1.17.x"},{"fixed":"1.17.8"}]}],"cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24921.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24921"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-02"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220325-0010/"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"}],"schema_version":"1.7.5"}