Lucene search
GoCVELIST:CVE-2024-24784HistoryMar 05, 2024 - 10:22 p.m.
CVE-2024-24784 Comments in display names are incorrectly handled in net/mail
2024-03-0522:22:32
Go
www.cve.org
1
cve-2024-24784
parseaddresslist
trust decisions
0.0004 Low
EPSS
Percentile
10.2%
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "net/mail",
"collectionURL": "https://pkg.go.dev",
"packageName": "net/mail",
"versions": [
{
"version": "0",
"lessThan": "1.21.8",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.22.0-0",
"lessThan": "1.22.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "addrParser.consumeGroupList"
},
{
"name": "addrParser.consumePhrase"
},
{
"name": "isAtext"
},
{
"name": "Address.String"
},
{
"name": "AddressParser.Parse"
},
{
"name": "AddressParser.ParseList"
},
{
"name": "Header.AddressList"
},
{
"name": "ParseAddress"
},
{
"name": "ParseAddressList"
}
],
"defaultStatus": "unaffected"
}
]Related
alpinelinux
alpinelinux
CVE-2024-24784
2024-03-05 23:15:07
ubuntucve
ubuntucve
CVE-2024-24784
2024-03-05 00:00:00
cgr
cgr
CVE-2024-24784 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2024-24784 affecting package golang for versions less than 1.21.6-1
2024-06-09 21:08:00
nvd
nvd
CVE-2024-24784
2024-03-05 23:15:07
osv
osv
Comments in display names are incorrectly handled in net/mail
2024-03-05 22:15:04
BIT-golang-2024-24784
2024-03-12 08:24:22
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
redhatcve
redhatcve
CVE-2024-24784
2024-03-06 03:33:31
wolfi
wolfi
CVE-2024-24784 vulnerabilities
2024-06-09 21:07:56
prion
prion
Design/Logic Flaw
2024-03-05 23:15:00
veracode
veracode
Interpretation Differences
2024-03-17 17:30:16
debiancve
debiancve
CVE-2024-24784
2024-03-05 23:15:07
cve
cve
CVE-2024-24784
2024-03-05 23:15:07
nessus
nessus
Golang < 1.21.8, 1.22.x < 1.22.1 Multiple Vulnerabilities
2024-03-07 00:00:00
SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:0800-1)
2024-03-09 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
almalinux
almalinux
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: golang security update
2024-04-30 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2024-05-29 00:00:00
golang security update
2024-05-07 00:00:00
amazon
amazon
Medium: golang
2024-05-23 22:04:00
redhat
redhat
(RHSA-2024:3259) Important: go-toolset:rhel8 security update
2024-05-22 10:41:22
(RHSA-2024:2562) Important: golang security update
2024-04-30 11:38:52
rocky
rocky
golang security update
2024-05-10 14:32:42
