{"id":"MGASA-2022-0171","summary":"Updated golang packages fix security vulnerability","details":"encoding/pem: fix stack overflow in Decode. A large (more than 5 MB) PEM\ninput can cause a stack overflow in Decode, leading the program to crash\n(CVE-2022-24675)\n\ncrypto/elliptic: tolerate all oversized scalars in generic P-256.  A\ncrafted scalar input longer than 32 bytes can cause P256().ScalarMult\nor P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and\ncrypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.\n(CVE-2022-28327)\n","modified":"2026-02-01T17:09:43.690067Z","published":"2022-05-12T10:24:45Z","related":["CVE-2022-24675","CVE-2022-28327"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0171.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30362"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6F72F4XQADWZ2XEWVPBHNKW46B6FKIXL/"}],"affected":[{"package":{"name":"golang","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/golang?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.9-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0171.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}