Lucene search
GoCVELIST:CVE-2024-34155HistorySep 06, 2024 - 8:42 p.m.
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
2024-09-0620:42:42
Go
www.cve.org
4
cve-2024-34155
stack exhaustion
parse functions
go source code
literals
panic
EPSS
0
Percentile
16.3%
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "go/parser",
"collectionURL": "https://pkg.go.dev",
"packageName": "go/parser",
"versions": [
{
"version": "0",
"lessThan": "1.22.7",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.23.0-0",
"lessThan": "1.23.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "parser.parseLiteralValue"
},
{
"name": "ParseDir"
},
{
"name": "ParseExpr"
},
{
"name": "ParseExprFrom"
},
{
"name": "ParseFile"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
CGA-9gvr-j6cr-39qw
2024-09-10 11:04:57
CGA-7gvj-vrj5-xr46
2024-09-10 14:05:01
CGA-qcxm-mjjw-4qf2
2024-09-10 14:09:42
alpinelinux
alpinelinux
CVE-2024-34155
2024-09-06 21:15:11
vulnrichment
vulnrichment
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
2024-09-06 20:42:42
nvd
nvd
CVE-2024-34155
2024-09-06 21:15:11
wolfi
wolfi
CVE-2024-34155 vulnerabilities
2024-09-19 09:11:50
debiancve
debiancve
CVE-2024-34155
2024-09-06 21:15:11