CVE-2024-45338
published 2024-12-18


Priority: P4 25
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.86% (53.9th percentile)

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Affected

23 ranges
Vendor | Product | Version range | Fixed in
debian | golang-golang-x-net | < golang-golang-x-net 1:0.27.0-2 (forky) | golang-golang-x-net 1:0.27.0-2 (forky)
golang.org | x_net_golang.org_x_net_html | < 0.33.0 | 0.33.0
golang.org | x_net_html | >= 0 < 0.33.0 | 0.33.0
msrc | azl3_application-gateway-kubernetes-ingress_1.7.2-3 | |
msrc | azl3_cert-manager_1.12.13-3 | |
msrc | azl3_cert-manager_1.12.15-3 | |
msrc | azl3_cf-cli_8.7.11-3 | |
msrc | azl3_cf-cli_8.7.3-5 | |
msrc | azl3_cloud-provider-kubevirt_0.5.1-1 | |
msrc | azl3_cni-plugins_1.4.0-2 | |
msrc | azl3_cni-plugins_1.4.0-3 | |
msrc | azl3_cni_1.1.2-4 | |
msrc | azl3_containerd2_2.0.0-3 | |
msrc | azl3_containerd2_2.0.0-9 | |
msrc | azl3_containerized-data-importer_1.57.0-14 | |
msrc | azl3_containerized-data-importer_1.57.0-7 | |
msrc | azl3_cri-tools_1.30.1-2 | |
msrc | azl3_cri-tools_1.32.0-1 | |
msrc | azl3_dasel_2.8.1-2 | |
msrc | azl3_docker-buildx_0.14.0-3 | |
msrc | azl3_docker-buildx_0.14.0-5 | |
msrc | azl3_docker-compose_2.27.0-3 | |
msrc | azl3_docker-compose_2.27.0-5 | |

CVSS provenance

nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv: 5.3 MEDIUM
vendor_debian: 5.3 MEDIUM
vendor_msrc: 5.3 MEDIUM
vendor_redhat: 5.3 MEDIUM