Lucene search
Ubuntu.comUB:CVE-2024-24784HistoryMar 05, 2024 - 12:00 a.m.
CVE-2024-24784
2024-03-0500:00:00
ubuntu.com
ubuntu.com
2
parseaddresslist
mishandles comments
trust decisions
parsers
golang
rebuilding
The ParseAddressList function incorrectly handles comments (text within
parentheses) within display names. Since this is a misalignment with
conforming address parsers, it can result in different trust decisions
being made by programs using different parsers.
Notes
| Author | Note |
|---|---|
| mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. Warning: do not include nullboot in the list of no-change rebuilds after fixing an issue in golang. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | golang-1.10 | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | golang-1.10 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-1.10 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-1.13 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.13 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | golang-1.13 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-1.13 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.14 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-1.16 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-1.16 | < any | UNKNOWN |
References
github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)
github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)
github.com/golang/go/issues/65083
go.dev/cl/555596
go.dev/issue/65083
groups.google.com/g/golang-announce/c/5pwGVUPoMbg
launchpad.net/bugs/cve/CVE-2024-24784
nvd.nist.gov/vuln/detail/CVE-2024-24784
pkg.go.dev/vuln/GO-2024-2609
security-tracker.debian.org/tracker/CVE-2024-24784
www.cve.org/CVERecord?id=CVE-2024-24784
Related
osv
osv
BIT-golang-2024-24784
2024-03-12 08:24:22
Comments in display names are incorrectly handled in net/mail
2024-03-05 22:15:04
Important: golang security update
2024-05-10 14:32:42
cve
cve
CVE-2024-24784
2024-03-05 23:15:07
prion
prion
Design/Logic Flaw
2024-03-05 23:15:00
debiancve
debiancve
CVE-2024-24784
2024-03-05 23:15:07
alpinelinux
alpinelinux
CVE-2024-24784
2024-03-05 23:15:07
cbl_mariner
cbl_mariner
CVE-2024-24784 affecting package golang for versions less than 1.21.6-1
2024-05-13 09:07:00
cgr
cgr
CVE-2024-24784 vulnerabilities
2024-05-13 15:35:11
redhatcve
redhatcve
CVE-2024-24784
2024-03-06 03:33:31
wolfi
wolfi
CVE-2024-24784 vulnerabilities
2024-05-13 21:06:55
nessus
nessus
Golang < 1.21.8, 1.22.x < 1.22.1 Multiple Vulnerabilities
2024-03-07 00:00:00
SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:0936-1)
2024-03-23 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
redhat
redhat
(RHSA-2024:2562) Important: golang security update
2024-04-30 11:38:52
rocky
rocky
golang security update
2024-05-10 14:32:42
almalinux
almalinux
Important: golang security update
2024-04-30 00:00:00
oraclelinux
oraclelinux
golang security update
2024-05-07 00:00:00