Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-34158HistorySep 06, 2024 - 9:15 p.m.
CVE-2024-34158
2024-09-0621:15:12
Alpine Linux Development Team
security.alpinelinux.org
1
cve-2024-stack unix expressions build tag panic_cause_security_vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
16.3%
Calling Parse on a “// +build” build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | go | < 1.23.1-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | go | < 1.22.7-r0 | UNKNOWN |
Related
osv
osv
CGA-8xvg-4rv4-xmw4
2024-09-10 10:05:02
CGA-47m6-84wh-xf65
2024-09-11 20:19:51
CGA-h5gx-26j8-c9qf
2024-09-10 14:09:42
debiancve
debiancve
CVE-2024-34158
2024-09-06 21:15:12
cve
cve
CVE-2024-34158
2024-09-06 21:15:12
redhatcve
redhatcve
CVE-2024-34158
2024-09-06 23:42:26
wolfi
wolfi
CVE-2024-34158 vulnerabilities
2024-09-19 21:18:36
vulnrichment
vulnrichment
CVE-2024-34158 Stack exhaustion in Parse in go/build/constraint
2024-09-06 20:42:42
cvelist
cvelist
CVE-2024-34158 Stack exhaustion in Parse in go/build/constraint
2024-09-06 20:42:42
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
16.3%
Related for ALPINE:CVE-2024-34158