Lucene search
GoCVE-2024-34155HistorySep 06, 2024 - 9:15 p.m.
CVE-2024-34155
2024-09-0621:15:11
Go
web.nvd.nist.gov
32
go source code
parse functions
stack exhaustion
panic
cve-2024-34155
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "go/parser",
"collectionURL": "https://pkg.go.dev",
"packageName": "go/parser",
"versions": [
{
"version": "0",
"lessThan": "1.22.7",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.23.0-0",
"lessThan": "1.23.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "parser.parseLiteralValue"
},
{
"name": "ParseDir"
},
{
"name": "ParseExpr"
},
{
"name": "ParseExprFrom"
},
{
"name": "ParseFile"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
CGA-rc7m-632g-mr8w
2024-09-10 11:05:05
CGA-qcxm-mjjw-4qf2
2024-09-10 14:09:42
CGA-7gvj-vrj5-xr46
2024-09-10 14:05:01
debiancve
debiancve
CVE-2024-34155
2024-09-06 21:15:11
alpinelinux
alpinelinux
CVE-2024-34155
2024-09-06 21:15:11
vulnrichment
vulnrichment
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
2024-09-06 20:42:42
nvd
nvd
CVE-2024-34155
2024-09-06 21:15:11
wolfi
wolfi
CVE-2024-34155 vulnerabilities
2024-09-18 21:11:55
redhatcve
redhatcve
CVE-2024-34155
2024-09-07 00:09:51
cvelist
cvelist
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
2024-09-06 20:42:42
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:3213-1)
2024-09-13 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23 (SUSE-SU-2024:3214-1)
2024-09-13 00:00:00
SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:3196-1)
2024-09-11 00:00:00