Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-34155

Опубликовано: 06 сент. 2024
Источник: debian

Описание

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.23fixed1.23.1-1package
golang-1.22fixed1.22.7-1package
golang-1.21unfixedpackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc

  • https://go.dev/issue/69138

  • https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)

  • https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)

Связанные уязвимости

ubuntu логотип

CVE-2024-34155

CVSS3: 4.3
ubuntu
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

redhat логотип

CVE-2024-34155

CVSS3: 5.9
redhat
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

nvd логотип

CVE-2024-34155

CVSS3: 4.3
nvd
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

github логотип

GHSA-8xfx-rj4p-23jm

github
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

fstec логотип

BDU:2024-07020

CVSS3: 7.5
fstec
10 месяцев назад

Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании