CVE-2023-24537

Опубликовано: 04 апр. 2023

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Custom Metric Autoscaler operator for Red Hat Openshift	custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/logging-loki-rhel8	Not affected
Node HealthCheck Operator	workload-availability/node-healthcheck-rhel8-operator	Affected
Node Maintenance Operator	workload-availability/node-maintenance-rhel8-operator	Affected
OpenShift Developer Tools and Services	helm	Affected
OpenShift Developer Tools and Services	ocp-tools-4/jenkins-rhel8	Will not fix
OpenShift Developer Tools and Services	odo	Will not fix
OpenShift Pipelines	openshift-pipelines-client	Affected
OpenShift Service Mesh 2	openshift-golang-builder-container	Will not fix
Red Hat 3scale API Management Platform 2	3scale-operator-container	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=2184484golang: go/parser: Infinite loop in parsing

EPSS

Процентиль: 4%

0.0002

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-24537

CVSS3: 7.5

ubuntu

около 2 лет назад

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

CVE-2023-24537

CVSS3: 7.5

nvd

около 2 лет назад

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

CVE-2023-24537

CVSS3: 7.5

debian

около 2 лет назад

Calling any of the Parse functions on Go source code which contains // ...

GHSA-fp86-2355-v99r

CVSS3: 7.5

github

около 2 лет назад

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

BDU:2024-10794

CVSS3: 7.5

fstec

около 2 лет назад

Уязвимость функции Parse() языка программирования Golang, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%

0.0002

Низкий

7.5 High

CVSS3