Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Go | Golang | * | 1.17.12 (excluding) |
Go | Golang | 1.18.0 (including) | 1.18.4 (excluding) |