x/vulndb: potential Go vuln in std: CVE-2022-30634

CVE-2022-30634 references [std](https://std), which may be a Go module.

Description:
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

Links:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-30634
- JSON: https://github.com/CVEProject/cvelist/tree/d5a3000796d3ca21881993f37dadf8c869eb5f70/2022/30xxx/CVE-2022-30634.json
- https://go.dev/cl/402257
- https://go.dev/issue/52561
- https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863
- https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
module: std
package: std
description: |
    Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
cves:
  - CVE-2022-30634
credit: Davis Goodin and Quim Muntal of Microsoft
links:
    context:
      - https://go.dev/cl/402257
      - https://go.dev/issue/52561
      - https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863
      - https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in std: CVE-2022-30634 #381

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in std: CVE-2022-30634 #381

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions