6935 matches found
CVE-2024-34155
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
CVE-2024-34158
CVE-2024-34158 concerns Go’s build constraint parsing (the // +build tag) where deeply nested expressions can trigger a panic/stack exhaustion. The connected advisories consistently describe the same issue affecting golang build/constraint handling and note that patches are available via vendor O...
CVE-2024-34158 Stack exhaustion in Parse in go/build/constraint
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
CVE-2024-34155
CVE-2024-34155 concerns the Go tooling stack: parsing Go source with deeply nested literals can panic due to stack exhaustion. The connected advisories confirm this affects core Go components such as the parser, encoding/gob (Decode), and go/build/constraint (Parse) when handling deeply nested in...
CVE-2024-34158 Stack exhaustion in Parse in go/build/constraint
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
CVE-2024-34155
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
CVE-2024-34158
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
Uncontrolled Recursion
Overview: std/go/build/constraint is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stac...
GO-2024-3107 Stack exhaustion in Parse in go/build/constraint
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
GO-2024-3105 Stack exhaustion in all Parse functions in go/parser
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
SUSE CVE-2024-45508
HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...
UBUNTU-CVE-2024-45508
HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...
HTMLDOC Security Vulnerability
HTMLDOC is an open source program by Michael R Sweet, an individual developer, that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript, and PDF format files. A security vulnerability exists in HTMLDOC versions prior to 1.9.19, which stems from an out-of-bounds write in the...
IBM Lotus Notes Sametime Room Name Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime Room Name Bruteforce', 'Description' = %q This module bruteforces Sametime meeting room names via t...
DEBIAN-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...
UBUNTU-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...