Important: golang

🗓️ 02 Oct 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 3 Views

Golang parsing and decoding can panic from nested inputs due to stack exhaustion; update golang.

Reporter	Title	Published	Views	Family All 3653
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Go may affect IBM CICS TX Standard	24 Feb 202310:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities	11 Aug 202513:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy(CVE-2024-34156)	28 Jan 202521:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities	17 Mar 202510:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in the mongo-tools utility affect IBM WebSphere Automation	29 Mar 202317:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph contains vulnerabilities found in Golang (CVE-2024-24785 CVE-2024-24784 CVE-2024-24783 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-6104 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156)	7 Jul 202520:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities in Golang Go	5 Jul 202321:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang Go affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift	18 Nov 202200:02	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	golang	1.22.7-1.amzn2.0.1	golang-1.22.7-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	golang	1.22.7-1.amzn2.0.1	golang-1.22.7-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	golang-bin	1.22.7-1.amzn2.0.1	golang-bin-1.22.7-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	golang-bin	1.22.7-1.amzn2.0.1	golang-bin-1.22.7-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	any	golang-docs	1.22.7-1.amzn2.0.1	golang-docs-1.22.7-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	golang-misc	1.22.7-1.amzn2.0.1	golang-misc-1.22.7-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	aarch64	golang-shared	1.22.7-1.amzn2.0.1	golang-shared-1.22.7-1.amzn2.0.1.aarch64.rpm
Amazon Linux	2	x86_64	golang-shared	1.22.7-1.amzn2.0.1	golang-shared-1.22.7-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	any	golang-src	1.22.7-1.amzn2.0.1	golang-src-1.22.7-1.amzn2.0.1.noarch.rpm
Amazon Linux	2	any	golang-tests	1.22.7-1.amzn2.0.1	golang-tests-1.22.7-1.amzn2.0.1.noarch.rpm

02 Oct 2024 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.5

EPSS0.00306

SSVC

go vulnerability stack exhaustion deeply nested parse panic decode panic build tag panic amazon linux two golang update cve 2024 34155 cve 2024 34156 cve 2024 34158