Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-34155

Опубликовано: 06 сент. 2024
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-waiters-rhel8Affected
cert-manager Operator for Red Hat OpenShiftcert-manager/cert-manager-operator-rhel9Affected
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-rhel8Not affected
Fence Agents Remediation Operatorworkload-availability/fence-agents-remediation-rhel8-operatorWill not fix
Logical Volume Manager Storagelvms4/topolvm-rhel9Will not fix
Machine Deletion Remediation Operatorworkload-availability/machine-deletion-remediation-rhel8-operatorWill not fix
Migration Toolkit for Applications 7mta/mta-cli-rhel9Will not fix
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-api-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/hive-rhel8Fix deferred
NBDE Tang Servertang-operator-containerWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=2310527go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

EPSS

Процентиль: 27%
0.0009
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-34155

CVSS3: 4.3
ubuntu
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

nvd логотип

CVE-2024-34155

CVSS3: 4.3
nvd
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

debian логотип

CVE-2024-34155

CVSS3: 4.3
debian
10 месяцев назад

Calling any of the Parse functions on Go source code which contains de ...

github логотип

GHSA-8xfx-rj4p-23jm

github
10 месяцев назад

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

fstec логотип

BDU:2024-07020

CVSS3: 7.5
fstec
10 месяцев назад

Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%
0.0009
Низкий

5.9 Medium

CVSS3

Уязвимость CVE-2024-34155