Lucene search

RedosROS-20240712-02

HistoryJul 12, 2024 - 12:00 a.m.

ROS-20240712-02

2024-07-1200:00:00

redos.red-soft.ru

vulnerability

parseaddresslist

go programming language

remote

spoofing attacks

crafted input data

insufficient verification security issue

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

JSON

A vulnerability in the ParseAddressList function of the net/mail package of the Go programming language is related to insufficient verification of display names in the function.
verification of display names in the function. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks by transmitting specially crafted input to the application.
remotely to perform spoofing attacks by passing specially crafted input data to an application.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64golang< 1.21.8-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	golang	< 1.21.8-1	UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

JSON

Related for ROS-20240712-02