Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-24784

Опубликовано: 05 мар. 2024
Источник: debian

Описание

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.22fixed1.22.1-1package
golang-1.21fixed1.21.8-1package
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://github.com/golang/go/issues/65083

  • https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)

  • https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)

Связанные уязвимости

ubuntu логотип

CVE-2024-24784

CVSS3: 7.5
ubuntu
больше 1 года назад

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

redhat логотип

CVE-2024-24784

CVSS3: 5.4
redhat
больше 1 года назад

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

nvd логотип

CVE-2024-24784

CVSS3: 7.5
nvd
больше 1 года назад

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

github логотип

GHSA-fgq5-q76c-gx78

CVSS3: 7.5
github
больше 1 года назад

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

fstec логотип

BDU:2024-04962

CVSS3: 7.3
fstec
больше 1 года назад

Уязвимость функции ParseAddressList пакета net/mail языка программирования Go, позволяющая нарушителю выполнить спуфинг-атаки