CVE-2024-24788

Опубликовано: 08 мая 2024

Источник: debian

EPSS Низкий

Описание

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Пакет	Статус	Версия исправления	Тип
golang-1.22	fixed	1.22.3-1	package
golang-1.21	not-affected		package
golang-1.19	not-affected		package
golang-1.15	not-affected		package
golang-1.11	not-affected		package

https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://github.com/golang/go/issues/66754
https://go-review.googlesource.com/c/go/+/578375
Introduced with: https://github.com/golang/go/commit/865760373194e358fefa4d1e45ebdf2141b77b59 (go1.22rc1)
Fixed by: https://github.com/golang/go/commit/93d8777d244962d1b706c0b695c8b72e9702577e (go1.22.3)

EPSS

Процентиль: 33%

0.00128

Низкий

CVE-2024-24788

CVSS3: 5.9

ubuntu

около 1 года назад

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

CVE-2024-24788

CVSS3: 7.5

redhat

около 1 года назад

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

CVE-2024-24788

CVSS3: 5.9

nvd

около 1 года назад

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

ROS-20240918-05

CVSS3: 6.5

redos

9 месяцев назад

Уязвимость consul

GHSA-2jwv-jmq4-4j3r

github

около 1 года назад

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

EPSS

Процентиль: 33%

0.00128

Низкий