Lucene search
GoCVELIST:CVE-2024-24789HistoryJun 05, 2024 - 3:13 p.m.
CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip
2024-06-0515:13:51
Go
www.cve.org
8
cve-2024-24789
mishandling
corrupt central directory record
archive/zip
zip files
exploitation
rejection
The archive/zip package’s handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "archive/zip",
"collectionURL": "https://pkg.go.dev",
"packageName": "archive/zip",
"versions": [
{
"version": "0",
"lessThan": "1.21.11",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.22.0-0",
"lessThan": "1.22.4",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "findSignatureInBlock"
},
{
"name": "NewReader"
},
{
"name": "OpenReader"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
CGA-8q7v-4cw9-fv5m
2024-06-07 08:05:12
CGA-4vmq-v5cw-hfxx
2024-06-07 11:04:29
CGA-8323-hjcv-87gc
2024-06-07 13:04:11
fedora
fedora
[SECURITY] Fedora 40 Update: kitty-0.35.1-4.fc40
2024-06-19 02:05:30
debiancve
debiancve
CVE-2024-24789
2024-06-05 16:15:10
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2437)
2024-09-12 00:00:00