PT-2024-6112 · Google+11 · Go+11

Rolandshoemaker

Published

2024-08-29

Updated

2025-05-14

CVE-2024-34158

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.23.1 Go versions prior to 1.22.7

Description The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested expressions in a "// +build" build tag line. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Go versions prior to 1.23.1, update to version 1.23.1 or later. For Go versions prior to 1.22.7, update to version 1.22.7 or later.

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALSA-2024:6908

ALSA-2024:6913

ALSA-2024:8038

ALSA-2024:8039

ALSA-2024:8112

ALSA-2024:9454

ALSA-2024:9459

ALSA-2025:7118

ALT-PU-2024-12198

ALT-PU-2024-12622

ALT-PU-2024-13971

ALT-PU-2024-15601

ALT-PU-2024-16387

AZL-48929

AZL-79078

BDU:2024-07026

BIT-GOLANG-2024-34158

CESA-2024_6908

CESA-2024_8038

CVE-2024-34158

ECHO-04D2-D010-5594

GO-2024-3107

INFSA-2024_6908

INFSA-2024_6913

INFSA-2024_8038

INFSA-2024_8039

INFSA-2024_8112

INFSA-2024_9454

INFSA-2024_9459

INFSA-2025_7118

MGASA-2024-0376

OESA-2024-2396

OESA-2024-2397

OESA-2024-2399

OESA-2024-2587

OPENSUSE-SU-2024:14323-1

OPENSUSE-SU-2024:14324-1

OPENSUSE-SU-2024_3213-1

OPENSUSE-SU-2024_3214-1

OPENSUSE-SU-2024_3773-1

OPENSUSE-SU-2024_3809-1

OPENSUSE-SU-2025:0056-1

RHSA-2024:6908

RHSA-2024:6913

RHSA-2024:8038

RHSA-2024:8039

RHSA-2024:8112

RHSA-2024:8232

RHSA-2024:8263

RHSA-2024:8428

RHSA-2024:8690

RHSA-2024:8694

RHSA-2024:8700

RHSA-2024:9454

RHSA-2024:9459

RHSA-2024_6908

RHSA-2024_6913

RHSA-2024_8038

RHSA-2024_8039

RHSA-2024_8112

RHSA-2024_9454

RHSA-2024_9459

RHSA-2025:7118

RHSA-2025_7118

RLSA-2024:6908

RLSA-2024:6913

RLSA-2024:8038

RLSA-2024:8039

SUSE-SU-2024:3196-1

SUSE-SU-2024:3197-1

SUSE-SU-2024:3213-1

SUSE-SU-2024:3214-1

SUSE-SU-2024:3453-1

SUSE-SU-2024:3454-1

SUSE-SU-2024:3455-1

SUSE-SU-2024:3456-1

SUSE-SU-2024:3457-1

SUSE-SU-2024:3458-1

SUSE-SU-2024:3459-1

SUSE-SU-2024:3772-1

SUSE-SU-2024:3773-1

SUSE-SU-2024:3809-1

SUSE-SU-2024:3937-1

SUSE-SU-2024:3938-1

USN-7081-1

USN-7109-1

USN-7111-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-6112 · Google+11 · Go+11

CVE-2024-34158

Weakness Enumeration

Related Identifiers

Affected Products

References · 216