Description
Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. As a result, the compiler would allow invalid indexing to occur at runtime, potentially leading to memory corruption.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-1.26 | fixed | 1.26.2-1 | | package |
| golang-1.25 | fixed | 1.25.9-1 | | package |
| golang-1.24 | removed | | | package |
| golang-1.24 | no-dsa | | trixie | package |
| golang-1.19 | removed | | | package |
| golang-1.19 | no-dsa | | bookworm | package |
| golang-1.15 | removed | | | package |
| golang-1.15 | postponed | | bullseye | package |
Notes
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
https://github.com/golang/go/issues/78333
Fixed by: https://github.com/golang/go/commit/c4b4bd7b3aefeb67a541912df0733bde68333bfc (go1.26.2)
Fixed by: https://github.com/golang/go/commit/7d2dd3488cdfbddda14c18c455d3263df75a46fc (go1.25.9)
https://ciolek.dev/posts/when-the-compiler-lies
Related vulnerabilities
Missing bound checks can lead to memory corruption in safe Go in cmd/compile