Lucene search
Veracode Vulnerability DatabaseVERACODE:40158HistoryApr 18, 2023 - 11:58 a.m.
Denial Of Service (DoS)
2023-04-1811:58:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
denial of service
integer overflow
infinite loop
application crash
parsing functions
vulnerable software
0.001 Low
EPSS
Percentile
42.5%
github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash.
References
github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104
github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab
github.com/golang/go/issues/59273
github.com/golang/go/issues/59274
go.dev/cl/482078
go.dev/issue/59180
groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
pkg.go.dev/vuln/GO-2023-1702
security.gentoo.org/glsa/202311-09
Related
cve
cve
CVE-2023-24537
2023-04-06 16:15:07
nvd
nvd
CVE-2023-24537
2023-04-06 16:15:07
veracode
veracode
Denial Of Service (DoS)
2023-04-11 23:40:29
cbl_mariner
cbl_mariner
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
2024-07-05 17:10:09
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
2024-07-05 17:10:16
nessus
nessus
Amazon Linux 2 : golang (ALAS-2023-2024)
2023-05-02 00:00:00
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2334)
2023-07-09 00:00:00
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2314)
2023-07-09 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2023-24537).
2023-07-27 17:25:46
debiancve
debiancve
CVE-2023-24537
2023-04-06 16:15:07
cgr
cgr
CVE-2023-24537 vulnerabilities
2024-05-19 03:07:16
osv
osv
Infinite loop in parsing in go/scanner
2023-04-05 21:05:07
BIT-golang-2023-24537
2024-03-06 10:56:42
CVE-2023-24537
2023-04-06 16:15:07
alpinelinux
alpinelinux
CVE-2023-24537
2023-04-06 16:15:07
prion
prion
Integer overflow
2023-04-06 16:15:00
amazon
amazon
Medium: golang
2023-04-27 18:36:00
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
redhatcve
redhatcve
CVE-2023-24537
2023-04-04 20:43:24
ubuntucve
ubuntucve
CVE-2023-24537
2023-04-06 00:00:00
cvelist
cvelist
CVE-2023-24537 Infinite loop in parsing in go/scanner
2023-04-06 15:50:49
wolfi
wolfi
CVE-2023-24537 vulnerabilities
2024-07-05 15:46:04
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2334)
2023-07-10 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2314)
2023-07-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1792-1)
2023-04-07 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-04-15 22:03:44
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-04 00:00:00
redhat
redhat
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.8-alt1
2023-04-10 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2023-06-06 00:00:00
Go vulnerabilities
2024-01-09 00:00:00
Go vulnerabilities
2023-04-25 00:00:00
almalinux
almalinux
Moderate: skopeo security update
2023-11-07 00:00:00
Moderate: podman security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
oraclelinux
oraclelinux
skopeo security update
2023-11-11 00:00:00
podman security, bug fix, and enhancement update
2023-11-11 00:00:00
container-tools:4.0 security and bug fix update
2023-11-18 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0037
2023-06-23 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0043
2023-07-04 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00