Mageia 8 MGASA-2023-0145 Critical: Golang Denial of Service Vulnerabilities
mageia
April 15, 2023
DOS due to incorrect HTTP and MIME header parsing (CVE-2023-24534) DOS due to incorrect Multipart form parsing (CVE-2023-24536) Calling any of the Parse functions on Go source code...
Summary
DOS due to incorrect HTTP and MIME header parsing (CVE-2023-24534)
DOS due to incorrect Multipart form parsing (CVE-2023-24536)
Calling any of the Parse functions on Go source code which contains //line
directives with very large line numbers can cause an infinite loop due to
integer overflow. (CVE-2023-24537)
Arbitrary Javascript code execution due to failure to escape back ticks
(CVE-2023-24538)
References
- https://bugs.mageia.org/show_bug.cgi?id=31769
- https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014420.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014421.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014423.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014387.html
- https://www.cve.org/CVERecord?id=CVE-2023-24534
- https://www.cve.org/CVERecord?id=CVE-2023-24536
- https://www.cve.org/CVERecord?id=CVE-2023-24537
- https://www.cve.org/CVERecord?id=CVE-2023-24538
Topics Covered
Resolution
SRPMS
- 8/core/golang-1.19.8-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 15 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0145.html
Type: security
CVE: CVE-2023-24534,
CVE-2023-24536,
CVE-2023-24537,
CVE-2023-24538
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!