cve/2022/CVE-2022-24921.md

CVE-2022-24921

Description

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

POC

Reference

No PoCs from references.

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/henriquebesing/container-security
• https://github.com/jonathanscheibel/PyNmap
• https://github.com/kb5fls/container-security
• https://github.com/ruzickap/malware-cryptominer-container