19 matches found

RedHat Linux
added 2026/03/02 2:56 a.m. · 2 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 · AI score 5.7 · EPSS 0.00043
Exploits: 1 · References: 8

RedHat Linux
added 2026/02/24 11:39 a.m. · 2 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 · AI score 5.7 · EPSS 0.00043
Exploits: 1 · References: 8

F5 Networks
added 2025/07/07 9:55 a.m. · 8 views

K000152445: Golang vulnerability CVE-2024-24789

Security Advisory Description: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The...

CVSS 5.5 · AI score 7.1 · EPSS 0.00007
Exploits: 0

Redos
added 2025/05/26 12:0 a.m. · 5 views

ROS-20250526-02

The vulnerability in the archive-zip package of the Golang programming language is related to incorrect processing of zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file...

CVSS 5.5 · AI score 7.1 · EPSS 0.00007
Exploits: 0

Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-24789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be...

CVSS 5.5 · AI score 7.1 · EPSS 0.00007
Exploits: 0 · References: 3

Tenable Nessus
added 2024/10/09 12:0 a.m. · 20 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2504)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment...

CVSS 5.5 · AI score 7.3 · EPSS 0.00007
Exploits: 0 · References: 2

Tenable Nessus
added 2024/09/12 12:0 a.m. · 16 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-2437)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment...

CVSS 5.5 · AI score 7.3 · EPSS 0.00007
Exploits: 0 · References: 2

Amazon
added 2024/07/01 12:0 a.m. · 2 views

Medium: golang

Issue Overview: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip...

CVSS 9.8 · AI score 7.1 · EPSS 0.00172
Exploits: 0

OSV
added 2024/06/28 11:8 a.m. · 2 views

OESA-2024-1771 golang security update

The Go Programming Language. Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading t...

CVSS 5.5 · AI score 6.9 · EPSS 0.00007
Exploits: 0 · References: 2

Tenable Nessus
added 2024/06/24 12:0 a.m. · 31 views

Amazon Linux 2 : golang (ALAS-2024-2576)

The version of golang installed on the remote host is prior to 1.22.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2576 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip...

CVSS 9.8 · AI score 7.4 · EPSS 0.00172
Exploits: 0 · References: 6

Tenable Nessus
added 2024/06/24 12:0 a.m. · 28 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-646)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-646 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with...

CVSS 9.8 · AI score 7.4 · EPSS 0.00172
Exploits: 0 · References: 6

RedhatCVE
added 2024/06/17 5:20 p.m. · 25 views

CVE-2024-24789

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

CVSS 7.5 · AI score 5.1 · EPSS 0.00007
Exploits: 0 · References: 3

BDU FSTEC
added 2024/06/13 12:0 a.m. · 1 view

The vulnerability of the archive-zip package written in the Golang programming language, which allows a hacker to create arbitrary zip files

The vulnerability of the archive-zip package written in the Golang programming language is related to incorrect processing of zip files. Exploiting this vulnerability allows an attacker to create arbitrary zip files...

CVSS 6.2 · AI score 6.7 · EPSS 0.00007
Exploits: 0 · References: 5 · Affected Software: 2

OSV
added 2024/06/05 4:15 p.m. · 2 views

AZL-42415 CVE-2024-24789 affecting package msft-golang for versions less than 1.22.4-1

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 5.5 · AI score 6.8 · EPSS 0.00007
Exploits: 0 · References: 1

OSV
added 2024/06/05 4:15 p.m. · 1 view

UBUNTU-CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 5.5 · AI score 6.8 · EPSS 0.00007
Exploits: 0 · References: 13

Debian CVE
added 2024/06/05 3:13 p.m. · 30 views

CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVSS 5.5 · AI score 6.8 · EPSS 0.00007
Exploits: 0

Vulnrichment
added 2024/06/05 3:13 p.m. · 28 views

CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

AI score 6.2 · EPSS 0.00007
Exploits: 0 · References: 6

Positive Technologies
added 2024/06/04 12:0 a.m. · 3 views

PT-2024-4044 · Unknown +10 · Archive/Zip +10

Name of the Vulnerable Software and Affected Versions: archive/zip package, affected versions not specified. Description: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a...

CVSS 9.8 · AI score 7.3 · EPSS 0.69905
Exploits: 2 · References: 338

OSV
added 2021/10/06 5:29 p.m. · 5 views

SUSE-RU-2021:3315-1 Recommended update for go1.17

This update for go1.17 fixes the following issues: This is the initial go 1.17 shipment. go1.17.1 released 2021-09-09 includes a security fix to the archive/zip package, as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand, embed, go/types, html/template, and...

CVSS 7.5 · AI score 8.7 · EPSS 0.00039
Exploits: 0 · References: 4