CVE-2022-41727 - OpenCVE

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Golang	Image Tiff

Configuration 1 [-]

OR	cpe:2.3:a:golang:image::::::go::*
	cpe:2.3:a:golang:tiff:-:::::go::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

No data.

References

Link	Providers
https://go.dev/cl/468195
https://go.dev/issue/58003
https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
https://nvd.nist.gov/vuln/detail/CVE-2022-41727
https://pkg.go.dev/vuln/GO-2023-1572
https://www.cve.org/CVERecord?id=CVE-2022-41727

History

No history.

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2023-02-28T17:19:47.090Z

Updated: 2024-08-03T12:49:43.923Z

Reserved: 2022-09-28T17:03:42.049Z

Link: CVE-2022-41727

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-28T18:15:10.200

Modified: 2023-11-07T03:52:56.437

Link: CVE-2022-41727

Redhat

Severity : Moderate

Publid Date: 2023-02-28T00:00:00Z

Links: CVE-2022-41727 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41727", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2022-09-28T17:03:42.049Z", "datePublished": "2023-02-28T17:19:47.090Z", "dateUpdated": "2024-08-03T12:49:43.923Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:07:47.650Z"}, "title": "Denial of service via crafted TIFF image in golang.org/x/image/tiff", "descriptions": [{"lang": "en", "value": "An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service."}], "affected": [{"vendor": "golang.org/x/image", "product": "golang.org/x/image/tiff", "collectionURL": "https://pkg.go.dev", "packageName": "golang.org/x/image/tiff", "versions": [{"version": "0", "lessThan": "0.5.0", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "decoder.ifdUint"}, {"name": "newDecoder"}, {"name": "Decode"}, {"name": "DecodeConfig"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "references": [{"url": "https://go.dev/issue/58003"}, {"url": "https://go.dev/cl/468195"}, {"url": "https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1572"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/"}], "credits": [{"lang": "en", "value": "Philippe Antoine (Catena cyber)"}, {"lang": "en", "value": "OSS Fuzz"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.923Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/58003", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/468195", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1572", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:image:*:*:*:*:*:go:*:*", "matchCriteriaId": "0F6F1ACD-0877-4166-A546-4FFF4046AAE4", "versionEndExcluding": "0.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:tiff:-:*:*:*:*:go:*:*", "matchCriteriaId": "6799AD0E-4DCC-4BE8-B437-C3D68222F918", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service."}], "id": "CVE-2022-41727", "lastModified": "2023-11-07T03:52:56.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-28T18:15:10.200", "references": [{"source": "security@golang.org", "tags": ["Patch"], "url": "https://go.dev/cl/468195"}, {"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/58003"}, {"source": "security@golang.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o"}, {"source": "security@golang.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/"}, {"source": "security@golang.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/"}, {"source": "security@golang.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/"}, {"source": "security@golang.org", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1572"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "golang.org/x/image: Uncontrolled Resource Consumption", "id": "2174311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174311"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.", "A flaw was found in golang. This flaw allows an attacker to craft a malformed TIFF image, which will consume a significant amount of memory when passed to DecodeConfig, leading to a denial of service."], "name": "CVE-2022-41727", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cost_management:", "fix_state": "Not affected", "package_name": "costmanagement/costmanagement-metrics-rhel8-operator", "product_name": "Cost Management"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Not affected", "package_name": "cryostat-20-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8", "product_name": "Custom metric autoscaler Operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Not affected", "package_name": "mta/mta-hub-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Not affected", "package_name": "rhmtc/openshift-migration-velero-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-controller-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Not affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:workload_availability:4", "fix_state": "Not affected", "package_name": "node-maintenance-operator-container", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Not affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/thanos-rhel7", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Not affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-etcd", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:assisted_installer:", "fix_state": "Not affected", "package_name": "rhai-tech-preview/assisted-installer-rhel8", "product_name": "Red Hat OpenShift Container Platform Assisted Installer"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Not affected", "package_name": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", "product_name": "Red Hat Openshift sandboxed containers"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.4::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.4 for RHEL 8"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.5 for RHEL 8"}], "public_date": "2023-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-41727\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41727"], "threat_severity": "Moderate", "upstream_fix": "golang.org/x/image 0.5.0"}