PT-2024-6107 · Go+11 · Go+11

Rolandshoemaker

Published

2024-08-29

Updated

2025-02-07

CVE-2024-34155

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.23.1 and 1.22.1

Description The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested literals in Go source code. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Go versions prior to 1.23.1, update to version 1.23.1 or later. For Go versions prior to 1.22.1, update to version 1.22.1 or later.

Fix

Improper Resource Release

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-674

Related Identifiers

ALSA-2024:6908

ALSA-2024:6913

ALSA-2024:8038

ALSA-2024:8039

ALSA-2024:8112

ALSA-2024:9454

ALSA-2024:9459

ALT-PU-2024-12198

ALT-PU-2024-12622

ALT-PU-2024-13971

ALT-PU-2024-15601

ALT-PU-2024-16387

AZL-48896

AZL-78988

BDU:2024-07020

BIT-GOLANG-2024-34155

CESA-2024_6908

CESA-2024_8038

CVE-2024-34155

ECHO-E851-3ECB-A213

GO-2024-3105

INFSA-2024_6908

INFSA-2024_6913

INFSA-2024_8038

INFSA-2024_8039

INFSA-2024_8112

INFSA-2024_9454

INFSA-2024_9459

MGASA-2024-0376

OESA-2024-2396

OESA-2024-2397

OESA-2024-2398

OESA-2024-2399

OESA-2024-2587

OPENSUSE-SU-2024:14323-1

OPENSUSE-SU-2024:14324-1

OPENSUSE-SU-2024:14392-1

OPENSUSE-SU-2024_3213-1

OPENSUSE-SU-2024_3214-1

OPENSUSE-SU-2024_3773-1

OPENSUSE-SU-2024_3809-1

OPENSUSE-SU-2025:0056-1

RHSA-2024:6908

RHSA-2024:6913

RHSA-2024:8038

RHSA-2024:8039

RHSA-2024:8112

RHSA-2024:8232

RHSA-2024:8263

RHSA-2024:8428

RHSA-2024:8690

RHSA-2024:8694

RHSA-2024:8700

RHSA-2024:9454

RHSA-2024:9459

RHSA-2024_6908

RHSA-2024_6913

RHSA-2024_8038

RHSA-2024_8039

RHSA-2024_8112

RHSA-2024_9454

RHSA-2024_9459

RLSA-2024:6908

RLSA-2024:6913

RLSA-2024:8038

RLSA-2024:8039

SUSE-SU-2024:3196-1

SUSE-SU-2024:3197-1

SUSE-SU-2024:3213-1

SUSE-SU-2024:3214-1

SUSE-SU-2024:3453-1

SUSE-SU-2024:3454-1

SUSE-SU-2024:3455-1

SUSE-SU-2024:3456-1

SUSE-SU-2024:3457-1

SUSE-SU-2024:3458-1

SUSE-SU-2024:3459-1

SUSE-SU-2024:3772-1

SUSE-SU-2024:3773-1

SUSE-SU-2024:3809-1

SUSE-SU-2024:3937-1

SUSE-SU-2024:3938-1

SUSE-SU-2024_3196-1

SUSE-SU-2024_3197-1

SUSE-SU-2024_3213-1

SUSE-SU-2024_3214-1

SUSE-SU-2024_3773-1

SUSE-SU-2024_3809-1

SUSE-SU-2024_3937-1

USN-7081-1

USN-7109-1

USN-7111-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-6107 · Go+11 · Go+11

CVE-2024-34155

Weakness Enumeration

Related Identifiers

Affected Products

References · 213