PT-2024-4460 · Go+10 · Netmail+10

Juho Nurminen

+1

·

Published

2024-01-12

·

Updated

2024-11-14

·

CVE-2024-24784

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions net/mail package in Go (affected versions not specified)
Description The issue is related to the ParseAddressList function, which incorrectly handles comments within display names. This can lead to different trust decisions being made by programs using different parsers, potentially allowing a remote attacker to perform spoofing attacks by providing specially crafted input data.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-115

Related Identifiers

ALSA-2024:2562
ALSA-2024:3259
ALSA-2024:5258
ALSA-2024:6969
AZL-37466
AZL-37519
AZL-79048
BDU:2024-04962
BIT-GOLANG-2024-24784
CESA-2024_3259
CESA-2024_5258
CESA-2024_6969
CVE-2024-24784
GHSA-FGQ5-Q76C-GX78
GO-2024-2609
INFSA-2024_2562
INFSA-2024_3259
INFSA-2024_5258
INFSA-2024_6969
OESA-2024-1432
OPENSUSE-SU-2024:13752-1
OPENSUSE-SU-2024:13756-1
OPENSUSE-SU-2024_0812-1
OPENSUSE-SU-2024_3089-1
OPENSUSE-SU-2024_3755-1
RHSA-2024:0045
RHSA-2024:2562
RHSA-2024:3259
RHSA-2024:4023
RHSA-2024:5258
RHSA-2024:6969
RHSA-2024_2562
RHSA-2024_3259
RHSA-2024_5258
RHSA-2024_6969
RLSA-2024:2562
RLSA-2024:3259
RLSA-2024:5258
SUSE-SU-2024:0800-1
SUSE-SU-2024:0811-1
SUSE-SU-2024:0812-1
SUSE-SU-2024:0936-1
SUSE-SU-2024:3089-1
SUSE-SU-2024:3755-1
SUSE-SU-2024:3772-1
SUSE-SU-2024:3938-1
USN-6886-1
USN-7109-1
USN-7111-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Netmail