A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=2184483

go.dev/issue/58975

groups.google.com/g/golang-announce/c/Xdv6JL9ENs8

nvd.nist.gov/vuln/detail/CVE-2023-24534

www.cve.org/CVERecord?id=CVE-2023-24534

cve 1

nessus 61

amazon 3

veracode 2

nvd 1

cvelist 1

debiancve 1

ibm 18

prion 1

cgr 1

alpinelinux 1

cbl_mariner 3

osv 14

ubuntucve 1

wolfi 1

freebsd 2

github 1

openvas 12

redhat 40

mageia 1

altlinux 1

ubuntu 3

almalinux 8

oraclelinux 7

redos 1

photon 7

gentoo 1

cve

CVE-2023-24534

2023-04-06 16:15:07

nessus

Amazon Linux 2 : golang (ALAS-2023-2037)

2023-05-17 00:00:00

RHEL 9 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)

2024-04-28 00:00:00

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2334)

2023-07-09 00:00:00

amazon

Important: golang

2023-05-11 17:49:00

Important: golang

2023-04-13 19:28:00

Important: golang

2023-04-13 19:01:00

veracode

Denial Of Service (DoS)

2023-04-11 23:43:20

Denial Of Service (DoS)

2023-04-18 10:56:33

nvd

CVE-2023-24534

2023-04-06 16:15:07

cvelist

CVE-2023-24534 Excessive memory allocation in net/http and net/textproto

2023-04-06 15:50:45

debiancve

CVE-2023-24534

2023-04-06 16:15:07

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2023-24534)

2023-07-27 17:34:21

Security Bulletin: Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534)

2023-10-02 13:50:14

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Golang Go ( CVE-2023-24534 )

2023-07-24 16:11:55

prion

Design/Logic Flaw

2023-04-06 16:15:00

cgr

CVE-2023-24534 vulnerabilities

2024-05-19 03:07:16

alpinelinux

CVE-2023-24534

2023-04-06 16:15:07

cbl_mariner

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

2024-07-03 17:22:43

CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1

2024-07-03 17:22:50

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

2024-07-03 17:22:50

osv

BIT-golang-2023-24534

2024-03-06 10:57:03

CVE-2023-24534

2023-04-06 16:15:07

Excessive memory allocation in net/http and net/textproto

2023-04-05 21:04:28

ubuntucve

CVE-2023-24534

2023-04-06 00:00:00

wolfi

CVE-2023-24534 vulnerabilities

2024-07-03 16:16:08

freebsd

traefik -- Use of vulnerable Go modules net/http, net/textproto

2023-03-10 00:00:00

go -- multiple vulnerabilities

2023-04-04 00:00:00

github

Traefik HTTP header parsing could cause a denial of service

2023-04-11 20:59:22

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2334)

2023-07-10 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2314)

2023-07-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1792-1)

2023-04-07 00:00:00

redhat

(RHSA-2023:4459) Moderate: OpenShift Container Platform 4.13.8 packages and security update

2023-08-08 11:24:53

(RHSA-2023:4986) Moderate: Red Hat OpenShift Distributed Tracing 2.9.0 security update

2023-09-06 07:54:47

(RHSA-2023:3536) Important: OpenShift Container Platform 4.13.3 packages and security update

2023-06-13 13:18:37

mageia

Updated golang packages fix security vulnerability

2023-04-15 22:03:44

altlinux

Security fix for the ALT Linux 10 package golang version 1.19.8-alt1

2023-04-10 00:00:00

ubuntu

Go vulnerabilities

2023-06-06 00:00:00

Go vulnerabilities

2024-01-09 00:00:00

Go vulnerabilities

2023-04-25 00:00:00

almalinux

Moderate: grafana security and enhancement update

2023-11-07 00:00:00

Moderate: buildah security update

2023-11-07 00:00:00

Moderate: containernetworking-plugins security and bug fix update

2023-11-07 00:00:00

oraclelinux

grafana security and enhancement update

2023-11-11 00:00:00

skopeo security update

2023-11-11 00:00:00

containernetworking-plugins security and bug fix update

2023-11-11 00:00:00

redos

ROS-20240418-06

2024-04-18 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0037

2023-06-23 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0425

2023-07-12 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0043

2023-07-04 00:00:00

gentoo

Go: Multiple Vulnerabilities

2023-11-25 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for RH:CVE-2023-24534