CVE-2022-24675 PoC — Google Go 安全漏洞

Source

https://github.com/jfrog/jfrog-CVE-2022-24675

Associated Vulnerability

Title:Google Go 安全漏洞 (CVE-2022-24675)
Description:Google Go是美国谷歌（Google）公司的一款静态强类型、编译型、并发型，并具有垃圾回收功能的编程语言。 Google Go 存在安全漏洞，该漏洞源于大量的 PEM 数据导致解码堆栈溢出。以下产品和版本受到影响：1.17.9 版本和 1.8.1 之前的 1.8.x 版本。

Readme

# CVE-2022-24675 tools

## Usage instructions

```
cve2022_24675.sh root_folder
```

Will recursively walk the specified folder and report Golang binaries which use `pem.Decode` function, or are stripped (in which case function name will be missed and the check will not be effective).

File Snapshot


 [4.0K]  /data/pocs/a954369e252281ee6e38208a3d2cc24a247178d0
├── [ 430]  cve2022_24675.sh
├── [ 11K]  LICENSE
└── [ 285]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!