Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39213

Sept. 15, 2022, 10:15 p.m.

National Vulnerability Database nist.gov

go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes …
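For callers that cannot upgrade yet, the workaround above comes down to recognising a vector that carries every CVSS v2.0 attribute before it reaches the parser, and containing a panic if one slips through. The following is an added example, not go-cvss code and not part of the advisory: `IsFullV2Vector`, `SafeParse` and `standInParser` are hypothetical names, the metric list is the 14 abbreviations from the CVSS v2.0 specification, and the stand-in parser does not reproduce the library's actual bug.

```go
package main

import (
	"fmt"
	"strings"
)

// The 14 CVSS v2.0 metric abbreviations: base, temporal, environmental.
var v2Metrics = []string{"AV", "AC", "Au", "C", "I", "A", "E", "RL", "RC", "CDP", "TD", "CR", "IR", "AR"}

// IsFullV2Vector reports whether vector names every CVSS v2.0 metric.
func IsFullV2Vector(vector string) bool {
	for _, m := range v2Metrics {
		// The leading "/" anchors the match at a token start, so "AC:" never counts as "C:".
		if !strings.Contains("/"+vector, "/"+m+":") {
			return false
		}
	}
	return true
}

// SafeParse runs parse and converts a panic into an ordinary error.
func SafeParse(parse func(string) error, vector string) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panicked on %q: %v", vector, r)
		}
	}()
	return parse(vector)
}

// standInParser is a constructed stand-in, NOT go-cvss: it panics out of range on 14 metrics.
func standInParser(v string) error {
	var slots [13]string
	for i, p := range strings.Split(v, "/") {
		slots[i] = p
	}
	_ = slots
	return nil
}

func main() {
	full := "AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M" // constructed sample
	fmt.Println(IsFullV2Vector(full), SafeParse(standInParser, full))
}
```

`recover` only catches a panic raised in the same goroutine, so the wrapper has to sit directly around the parse call.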

cve cvss
