Description
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
golang-1.20 | fixed | 1.20.3-1 | | package |
golang-1.19 | fixed | 1.19.8-1 | experimental | package |
golang-1.19 | fixed | 1.19.8-2 | | package |
golang-1.15 | removed | | | package |
golang-1.15 | no-dsa | | bullseye | package |
golang-1.11 | removed | | | package |
golang-1.11 | postponed | | buster | package |
Notes
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
https://go.dev/issue/59180
https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)
https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)
Introduced by: https://github.com/golang/go/commit/99c30211b1e0b3ac4e5d32f3ae5eaf759c23195f (go1.11beta1)
Related vulnerabilities
A vulnerability in the Parse() function of the Golang programming language, related to an integer overflow, that allows an attacker to cause a denial of service