csaf_redhat - rhsa-2024:6913

RHSA-2024:6913

Vulnerability from csaf_redhat - Published: 2024-09-23 01:53 - Updated: 2025-11-28 12:47

Summary

Red Hat Security Advisory: golang security update

Notes

Topic

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The golang packages provide the Go programming language compiler. Security Fix(es): * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791) * go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155) * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) * go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for golang is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)\n\n* go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\n* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:6913",
        "url": "https://access.redhat.com/errata/RHSA-2024:6913"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2295310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
      },
      {
        "category": "external",
        "summary": "2310527",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
      },
      {
        "category": "external",
        "summary": "2310528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
      },
      {
        "category": "external",
        "summary": "2310529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6913.json"
      }
    ],
    "title": "Red Hat Security Advisory: golang security update",
    "tracking": {
      "current_release_date": "2025-11-28T12:47:15+00:00",
      "generator": {
        "date": "2025-11-28T12:47:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.13"
        }
      },
      "id": "RHSA-2024:6913",
      "initial_release_date": "2024-09-23T01:53:11+00:00",
      "revision_history": [
        {
          "date": "2024-09-23T01:53:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-09-23T01:53:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-28T12:47:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go-toolset-0:1.21.13-3.el9_4.aarch64",
                "product": {
                  "name": "go-toolset-0:1.21.13-3.el9_4.aarch64",
                  "product_id": "go-toolset-0:1.21.13-3.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/go-toolset@1.21.13-3.el9_4?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-0:1.21.13-3.el9_4.aarch64",
                "product": {
                  "name": "golang-0:1.21.13-3.el9_4.aarch64",
                  "product_id": "golang-0:1.21.13-3.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang@1.21.13-3.el9_4?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-bin-0:1.21.13-3.el9_4.aarch64",
                "product": {
                  "name": "golang-bin-0:1.21.13-3.el9_4.aarch64",
                  "product_id": "golang-bin-0:1.21.13-3.el9_4.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-bin@1.21.13-3.el9_4?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go-toolset-0:1.21.13-3.el9_4.ppc64le",
                "product": {
                  "name": "go-toolset-0:1.21.13-3.el9_4.ppc64le",
                  "product_id": "go-toolset-0:1.21.13-3.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/go-toolset@1.21.13-3.el9_4?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-0:1.21.13-3.el9_4.ppc64le",
                "product": {
                  "name": "golang-0:1.21.13-3.el9_4.ppc64le",
                  "product_id": "golang-0:1.21.13-3.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang@1.21.13-3.el9_4?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-bin-0:1.21.13-3.el9_4.ppc64le",
                "product": {
                  "name": "golang-bin-0:1.21.13-3.el9_4.ppc64le",
                  "product_id": "golang-bin-0:1.21.13-3.el9_4.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-bin@1.21.13-3.el9_4?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go-toolset-0:1.21.13-3.el9_4.x86_64",
                "product": {
                  "name": "go-toolset-0:1.21.13-3.el9_4.x86_64",
                  "product_id": "go-toolset-0:1.21.13-3.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/go-toolset@1.21.13-3.el9_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-0:1.21.13-3.el9_4.x86_64",
                "product": {
                  "name": "golang-0:1.21.13-3.el9_4.x86_64",
                  "product_id": "golang-0:1.21.13-3.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang@1.21.13-3.el9_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-bin-0:1.21.13-3.el9_4.x86_64",
                "product": {
                  "name": "golang-bin-0:1.21.13-3.el9_4.x86_64",
                  "product_id": "golang-bin-0:1.21.13-3.el9_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-bin@1.21.13-3.el9_4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "go-toolset-0:1.21.13-3.el9_4.s390x",
                "product": {
                  "name": "go-toolset-0:1.21.13-3.el9_4.s390x",
                  "product_id": "go-toolset-0:1.21.13-3.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/go-toolset@1.21.13-3.el9_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-0:1.21.13-3.el9_4.s390x",
                "product": {
                  "name": "golang-0:1.21.13-3.el9_4.s390x",
                  "product_id": "golang-0:1.21.13-3.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang@1.21.13-3.el9_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-bin-0:1.21.13-3.el9_4.s390x",
                "product": {
                  "name": "golang-bin-0:1.21.13-3.el9_4.s390x",
                  "product_id": "golang-bin-0:1.21.13-3.el9_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-bin@1.21.13-3.el9_4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-0:1.21.13-3.el9_4.src",
                "product": {
                  "name": "golang-0:1.21.13-3.el9_4.src",
                  "product_id": "golang-0:1.21.13-3.el9_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang@1.21.13-3.el9_4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-docs-0:1.21.13-3.el9_4.noarch",
                "product": {
                  "name": "golang-docs-0:1.21.13-3.el9_4.noarch",
                  "product_id": "golang-docs-0:1.21.13-3.el9_4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-docs@1.21.13-3.el9_4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-misc-0:1.21.13-3.el9_4.noarch",
                "product": {
                  "name": "golang-misc-0:1.21.13-3.el9_4.noarch",
                  "product_id": "golang-misc-0:1.21.13-3.el9_4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-misc@1.21.13-3.el9_4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-src-0:1.21.13-3.el9_4.noarch",
                "product": {
                  "name": "golang-src-0:1.21.13-3.el9_4.noarch",
                  "product_id": "golang-src-0:1.21.13-3.el9_4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-src@1.21.13-3.el9_4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-tests-0:1.21.13-3.el9_4.noarch",
                "product": {
                  "name": "golang-tests-0:1.21.13-3.el9_4.noarch",
                  "product_id": "golang-tests-0:1.21.13-3.el9_4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-tests@1.21.13-3.el9_4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go-toolset-0:1.21.13-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64"
        },
        "product_reference": "go-toolset-0:1.21.13-3.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go-toolset-0:1.21.13-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le"
        },
        "product_reference": "go-toolset-0:1.21.13-3.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go-toolset-0:1.21.13-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x"
        },
        "product_reference": "go-toolset-0:1.21.13-3.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "go-toolset-0:1.21.13-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64"
        },
        "product_reference": "go-toolset-0:1.21.13-3.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-0:1.21.13-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64"
        },
        "product_reference": "golang-0:1.21.13-3.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-0:1.21.13-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le"
        },
        "product_reference": "golang-0:1.21.13-3.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-0:1.21.13-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x"
        },
        "product_reference": "golang-0:1.21.13-3.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-0:1.21.13-3.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src"
        },
        "product_reference": "golang-0:1.21.13-3.el9_4.src",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-0:1.21.13-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64"
        },
        "product_reference": "golang-0:1.21.13-3.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-bin-0:1.21.13-3.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64"
        },
        "product_reference": "golang-bin-0:1.21.13-3.el9_4.aarch64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-bin-0:1.21.13-3.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le"
        },
        "product_reference": "golang-bin-0:1.21.13-3.el9_4.ppc64le",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-bin-0:1.21.13-3.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x"
        },
        "product_reference": "golang-bin-0:1.21.13-3.el9_4.s390x",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-bin-0:1.21.13-3.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64"
        },
        "product_reference": "golang-bin-0:1.21.13-3.el9_4.x86_64",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-docs-0:1.21.13-3.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch"
        },
        "product_reference": "golang-docs-0:1.21.13-3.el9_4.noarch",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-misc-0:1.21.13-3.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch"
        },
        "product_reference": "golang-misc-0:1.21.13-3.el9_4.noarch",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-src-0:1.21.13-3.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch"
        },
        "product_reference": "golang-src-0:1.21.13-3.el9_4.noarch",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-tests-0:1.21.13-3.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
        },
        "product_reference": "golang-tests-0:1.21.13-3.el9_4.noarch",
        "relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-24791",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-07-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2295310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/http: Denial of service due to improper 100-continue handling in net/http",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker\u0027s control. This reduces the severity score of this flaw to Moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-24791"
        },
        {
          "category": "external",
          "summary": "RHBZ#2295310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24791",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/591255",
          "url": "https://go.dev/cl/591255"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/67555",
          "url": "https://go.dev/issue/67555"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ",
          "url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
        }
      ],
      "release_date": "2024-07-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-23T01:53:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6913"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "net/http: Denial of service due to improper 100-continue handling in net/http"
    },
    {
      "cve": "CVE-2024-34155",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2024-09-06T21:20:06.929766+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2310527"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-674: Uncontrolled Recursion vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation controls ensure that inputs triggering recursion are validated to stay within safe limits which reduces the risk of infinite or excessive recursion. The implementation of least functionality on the platform further restricts potential impacts of recursions by disabling unnecessary recursive functions or features, thus reducing the available pathways for a would-be attacker. The inclusion of developer testing and evaluation ensures that recursive functions are tested and that safeguards like error handling are in place. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time while process isolation can limit impacts to a single process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-34155"
        },
        {
          "category": "external",
          "summary": "RHBZ#2310527",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/611238",
          "url": "https://go.dev/cl/611238"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/69138",
          "url": "https://go.dev/issue/69138"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3105",
          "url": "https://pkg.go.dev/vuln/GO-2024-3105"
        }
      ],
      "release_date": "2024-09-06T21:15:11.947000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-23T01:53:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6913"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion"
    },
    {
      "cve": "CVE-2024-34156",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2024-09-06T21:20:09.377905+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2310528"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
        },
        {
          "category": "external",
          "summary": "RHBZ#2310528",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/611239",
          "url": "https://go.dev/cl/611239"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/69139",
          "url": "https://go.dev/issue/69139"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3106",
          "url": "https://pkg.go.dev/vuln/GO-2024-3106"
        }
      ],
      "release_date": "2024-09-06T21:15:12.020000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-23T01:53:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6913"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    },
    {
      "cve": "CVE-2024-34158",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2024-09-06T21:20:12.126400+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2310529"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
          "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-34158"
        },
        {
          "category": "external",
          "summary": "RHBZ#2310529",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/611240",
          "url": "https://go.dev/cl/611240"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/69141",
          "url": "https://go.dev/issue/69141"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3107",
          "url": "https://pkg.go.dev/vuln/GO-2024-3107"
        }
      ],
      "release_date": "2024-09-06T21:15:12.083000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-23T01:53:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6913"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.src",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.aarch64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.ppc64le",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.s390x",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.13-3.el9_4.x86_64",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.13-3.el9_4.noarch",
            "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.13-3.el9_4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion"
    }
  ]
}

CVE-2024-34156 (GCVE-0-2024-34156)

Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-09-26 15:03

Summary

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/611239
	https://go.dev/issue/69139
	https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
	https://pkg.go.dev/vuln/GO-2024-3106

Impacted products

	Vendor	Product	Version
	Go standard library	encoding/gob	Affected: 0 , < 1.22.7 (semver) Affected: 1.23.0-0 , < 1.23.1 (semver)

Credits

Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:go_standard_library:encoding\\/gob:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "encoding\\/gob",
            "vendor": "go_standard_library",
            "versions": [
              {
                "lessThan": "1.22.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "1.23.1",
                "status": "affected",
                "version": "1.23.0-0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:04:16.338747Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:29:46.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:03:08.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240926-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/gob",
          "product": "encoding/gob",
          "programRoutines": [
            {
              "name": "Decoder.decIgnoreOpFor"
            },
            {
              "name": "Decoder.Decode"
            },
            {
              "name": "Decoder.DecodeValue"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.1",
              "status": "affected",
              "version": "1.23.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T20:42:42.661Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/611239"
        },
        {
          "url": "https://go.dev/issue/69139"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3106"
        }
      ],
      "title": "Stack exhaustion in Decoder.Decode in encoding/gob"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-34156",
    "datePublished": "2024-09-06T20:42:42.661Z",
    "dateReserved": "2024-05-01T18:45:34.846Z",
    "dateUpdated": "2024-09-26T15:03:08.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34155 (GCVE-0-2024-34155)

Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-11-04 16:59

Summary

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/611238
	https://go.dev/issue/69138
	https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
	https://pkg.go.dev/vuln/GO-2024-3105

Impacted products

	Vendor	Product	Version
	Go standard library	go/parser	Affected: 0 , < 1.22.7 (semver) Affected: 1.23.0-0 , < 1.23.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T13:55:36.320331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T16:59:31.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:03:07.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240926-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/parser",
          "product": "go/parser",
          "programRoutines": [
            {
              "name": "parser.parseLiteralValue"
            },
            {
              "name": "ParseDir"
            },
            {
              "name": "ParseExpr"
            },
            {
              "name": "ParseExprFrom"
            },
            {
              "name": "ParseFile"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.1",
              "status": "affected",
              "version": "1.23.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T20:42:42.518Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/611238"
        },
        {
          "url": "https://go.dev/issue/69138"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3105"
        }
      ],
      "title": "Stack exhaustion in all Parse functions in go/parser"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-34155",
    "datePublished": "2024-09-06T20:42:42.518Z",
    "dateReserved": "2024-05-01T18:45:34.846Z",
    "dateUpdated": "2024-11-04T16:59:31.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-24791 (GCVE-0-2024-24791)

Vulnerability from cvelistv5 – Published: 2024-07-02 21:28 – Updated: 2024-10-04 15:02

Summary

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE 400: Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/591255
	https://go.dev/issue/67555
	https://groups.google.com/g/golang-dev/c/t0rK-qHB…
	https://pkg.go.dev/vuln/GO-2024-2963

Impacted products

	Vendor	Product	Version
	Go standard library	net/http	Affected: 0 , < 1.21.12 (semver) Affected: 1.22.0-0 , < 1.22.5 (semver)

Credits

Geoff Franks

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:go_standard_library:net\\/http:1.21.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "net\\/http",
            "vendor": "go_standard_library",
            "versions": [
              {
                "lessThan": "1.21.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.22.5",
                "status": "affected",
                "version": "1.22.0-0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-24791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-03T13:39:23.366299Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T13:45:59.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-04T15:02:46.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/591255"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/67555"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2024-2963"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241004-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "persistConn.readResponse"
            },
            {
              "name": "Client.CloseIdleConnections"
            },
            {
              "name": "Client.Do"
            },
            {
              "name": "Client.Get"
            },
            {
              "name": "Client.Head"
            },
            {
              "name": "Client.Post"
            },
            {
              "name": "Client.PostForm"
            },
            {
              "name": "Get"
            },
            {
              "name": "Head"
            },
            {
              "name": "Post"
            },
            {
              "name": "PostForm"
            },
            {
              "name": "Transport.CancelRequest"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.RoundTrip"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.21.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.5",
              "status": "affected",
              "version": "1.22.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Geoff Franks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-02T21:28:25.677Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/591255"
        },
        {
          "url": "https://go.dev/issue/67555"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-2963"
        }
      ],
      "title": "Denial of service due to improper 100-continue handling in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-24791",
    "datePublished": "2024-07-02T21:28:25.677Z",
    "dateReserved": "2024-01-30T16:05:14.758Z",
    "dateUpdated": "2024-10-04T15:02:46.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34158 (GCVE-0-2024-34158)

Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-10-04 15:02

Summary

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

URL

Tags

	https://go.dev/cl/611240
	https://go.dev/issue/69141
	https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
	https://pkg.go.dev/vuln/GO-2024-3107

Impacted products

	Vendor	Product	Version
	Go standard library	go/build/constraint	Affected: 0 , < 1.22.7 (semver) Affected: 1.23.0-0 , < 1.23.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:go_build_constraint:go_standard_library:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "go_standard_library",
            "vendor": "go_build_constraint",
            "versions": [
              {
                "lessThan": "1.22.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "1.23.1",
                "status": "affected",
                "version": "1.23.0-0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T13:59:30.881339Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-674",
                "description": "CWE-674 Uncontrolled Recursion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:04:26.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-04T15:02:47.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241004-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/build/constraint",
          "product": "go/build/constraint",
          "programRoutines": [
            {
              "name": "parsePlusBuildExpr"
            },
            {
              "name": "exprParser.not"
            },
            {
              "name": "Parse"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.1",
              "status": "affected",
              "version": "1.23.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T20:42:42.822Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/611240"
        },
        {
          "url": "https://go.dev/issue/69141"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3107"
        }
      ],
      "title": "Stack exhaustion in Parse in go/build/constraint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-34158",
    "datePublished": "2024-09-06T20:42:42.822Z",
    "dateReserved": "2024-05-01T18:45:34.846Z",
    "dateUpdated": "2024-10-04T15:02:47.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2024:6913

CVE-2024-34156 (GCVE-0-2024-34156)

CVE-2024-34155 (GCVE-0-2024-34155)

CVE-2024-24791 (GCVE-0-2024-24791)

CVE-2024-34158 (GCVE-0-2024-34158)

Tags

Sightings

Nomenclature