PT-2023-9785 · Go+11 · Go+11

Philippe Antoine

·

Published

2023-04-04

·

Updated

2025-02-28

·

CVE-2023-24537

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Go (affected versions not specified)
Description The issue is related to the Parse function in the Go programming language, which can cause an infinite loop due to integer overflow when processing Go source code containing //line directives with very large line numbers. This can potentially allow a remote attacker to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2023:6363
ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
ALT-PU-2023-1575
ALT-PU-2023-1598
ALT-PU-2023-4736
ALT-PU-2023-4785
ALT-PU-2023-5492
ALT-PU-2023-7055
AZL-26026
AZL-26029
AZL-37319
AZL-37352
AZL-52676
AZL-79120
BDU:2024-10794
BIT-GOLANG-2023-24537
CESA-2023_3319
CESA-2023_6938
CESA-2023_6939
CVE-2023-24537
GO-2023-1702
MGASA-2023-0145
OESA-2023-1237
OESA-2023-1662
OESA-2023-1663
OESA-2023-1664
OESA-2023-1665
OESA-2024-1001
OESA-2024-1074
OESA-2025-1059
OESA-2025-1185
OESA-2025-1221
OESA-2025-1222
OPENSUSE-SU-2024:12841-1
OPENSUSE-SU-2024:12845-1
RHSA-2023:3318
RHSA-2023:3319
RHSA-2023:3323
RHSA-2023:3366
RHSA-2023:3445
RHSA-2023:3450
RHSA-2023:3536
RHSA-2023:3540
RHSA-2023:3612
RHSA-2023:4003
RHSA-2023:4093
RHSA-2023:4470
RHSA-2023:5964
RHSA-2023:6363
RHSA-2023:6474
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023_3318
RHSA-2023_3319
RHSA-2023_6363
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
SUSE-SU-2023:1791-1
SUSE-SU-2023:1792-1
SUSE-SU-2023:2105-1
SUSE-SU-2023:2105-2
SUSE-SU-2023:2127-1
USN-6038-1
USN-6038-2
USN-6140-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Go
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu