PT-2024-10470 · Google+6 · Golang+6

Guido Vranken · Published 2024-12-18 · Updated 2026-04-09 · CVE-2024-45338

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Golang versions prior to the fixed version

Description

The issue is related to uncontrolled resource consumption in the Golang programming language. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Golang versions prior to the fixed version, consider disabling the Parse functions until a patch is available. Restrict access to the vulnerable Parse functions to minimize the risk of exploitation. Avoid using the Parse functions in the affected API endpoints until the issue is resolved. Update to a version that includes the fix for this issue, such as the version that includes the upgrade of golang.org/x/net.

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALT-PU-2025-13603
ALT-PU-2025-8447
AZL-54398
AZL-54401
AZL-54404
AZL-54407
AZL-54410
AZL-54413
AZL-54419
AZL-54422
AZL-54425
AZL-54428
AZL-54431
AZL-54434
AZL-54437
AZL-54440
AZL-54443
AZL-54446
AZL-54449
AZL-54452
AZL-54461
AZL-54464
AZL-54467
AZL-54470
AZL-54473
AZL-54477
AZL-54480
AZL-54483
AZL-54485
AZL-54488
AZL-54491
AZL-54498
AZL-54500
AZL-54507
AZL-54510
AZL-54512
AZL-54515
AZL-54519
AZL-54522
AZL-54524
AZL-54527
AZL-54531
AZL-54534
AZL-54540
AZL-54542
AZL-54546
AZL-54549
AZL-54555
AZL-54557
AZL-54562
AZL-54564
AZL-54567
AZL-64182
AZL-66912
BDU:2025-01010
CLEANSTART-2026-EJ93145
CLEANSTART-2026-HZ73294
CLEANSTART-2026-SQ68600
CVE-2024-45338
GHSA-W32M-9786-JP63
GO-2024-3333
OPENSUSE-SU-2024:14603-1
OPENSUSE-SU-2024:14606-1
OPENSUSE-SU-2025:0056-1
OPENSUSE-SU-2025:0094-1
OPENSUSE-SU-2025:14612-1
OPENSUSE-SU-2025:14613-1
OPENSUSE-SU-2025:14634-1
OPENSUSE-SU-2025:14639-1
OPENSUSE-SU-2025:14640-1
OPENSUSE-SU-2025:14641-1
OPENSUSE-SU-2025:14663-1
OPENSUSE-SU-2025:14666-1
OPENSUSE-SU-2025:14711-1
OPENSUSE-SU-2025:14713-1
OPENSUSE-SU-2025:14721-1
OPENSUSE-SU-2025:14725-1
OPENSUSE-SU-2025:14907-1
OPENSUSE-SU-2025:14909-1
OPENSUSE-SU-2025:15304-1
OPENSUSE-SU-2025:15305-1
OPENSUSE-SU-2025:15779-1
OPENSUSE-SU-2025:20097-1
OPENSUSE-SU-2025:20117-1
OPENSUSE-SU-2025:20160-1
OPENSUSE-SU-2025_0060-1
OPENSUSE-SU-2025_0602-1
OPENSUSE-SU-2025_0980-1
OPENSUSE-SU-2026:20279-1
SUSE-SU-2025:0060-1
SUSE-SU-2025:02581-1
SUSE-SU-2025:03278-1
SUSE-SU-2025:0602-1
SUSE-SU-2025:0980-1
SUSE-SU-2025:20196-1
SUSE-SU-2025:20278-1
SUSE-SU-2025_02581-1
SUSE-SU-2025_03278-1
SUSE-SU-2026:20550-1
USN-7197-1

Affected Products

Alt Linux
Debian
Golang
Linuxmint
Red Os
Suse
Ubuntu