Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-34158

Опубликовано: 06 сент. 2024
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-rhel8Not affected
Logical Volume Manager Storagelvms4/lvms-rhel9-operatorWill not fix
Machine Deletion Remediation Operatorworkload-availability/machine-deletion-remediation-rhel8-operatorWill not fix
Migration Toolkit for Applications 7mta/mta-cli-rhel9Will not fix
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-api-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/cluster-api-provider-azure-rhel8Fix deferred
NBDE Tang Servertang-operator-containerWill not fix
Node HealthCheck Operatorworkload-availability/node-healthcheck-rhel8-operatorWill not fix
OpenShift Serverlessopenshift-serverless-1/client-kn-rhel8Will not fix
OpenShift Serverlessopenshift-serverless-clientsWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1325
https://bugzilla.redhat.com/show_bug.cgi?id=2310529go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

EPSS

Процентиль: 20%
0.00062
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-34158

CVSS3: 7.5
ubuntu
10 месяцев назад

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

nvd логотип

CVE-2024-34158

CVSS3: 7.5
nvd
10 месяцев назад

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

debian логотип

CVE-2024-34158

CVSS3: 7.5
debian
10 месяцев назад

Calling Parse on a "// +build" build tag line with deeply nested expre ...

github логотип

GHSA-j7vj-rw65-4v26

CVSS3: 7.5
github
10 месяцев назад

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

fstec логотип

BDU:2024-07026

CVSS3: 7.5
fstec
10 месяцев назад

Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 20%
0.00062
Низкий

5.9 Medium

CVSS3

Уязвимость CVE-2024-34158