CVE-2024-34155Uncontrolled Recursion in Standard Library GO Parser

CWE-674Uncontrolled Recursion12 documents8 sources
Severity
4.3MEDIUMNVD
OSV7.5
EPSS
0.1%
top 76.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GO Standard Library GO Parser
Timeline
PublishedSep 6
Latest updateNov 14

Description

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5go_standard_library/go_parser1.23.0-01.23.1+1

🔴Vulnerability Details

5
OSV
golang-1.22 vulnerabilities2024-10-23
GHSA
GHSA-8xfx-rj4p-23jm: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion2024-09-06
OSV
Stack exhaustion in all Parse functions in go/parser2024-09-06
CVEList
Stack exhaustion in all Parse functions in go/parser2024-09-06
OSV
CVE-2024-34155: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion2024-09-06

📋Vendor Advisories

6
Ubuntu
Go vulnerabilities2024-11-14
Ubuntu
Go vulnerabilities2024-11-14
Ubuntu
Go vulnerabilities2024-10-23
Microsoft
Stack exhaustion in all Parse functions in go/parser2024-09-10
Red Hat
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion2024-09-06
CVE-2024-34155 — Uncontrolled Recursion | cvebase