
Mageia 9: MGASA-2024-0376 moderate: golang stack exhaustion issues

November 27, 2024

Summary

- CVE-2024-34155: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
- CVE-2024-34156: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.
- CVE-2024-34158: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

References

- https://bugs.mageia.org/show_bug.cgi?id=33526

- https://www.openwall.com/lists/oss-security/2024/09/05/1

- https://www.cve.org/CVERecord?id=CVE-2024-34155

- https://www.cve.org/CVERecord?id=CVE-2024-34156

- https://www.cve.org/CVERecord?id=CVE-2024-34158

Resolution

SRPMS

- 9/core/golang-1.22.9-1.mga9

Publication date: 27 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0376.html
Type: security
CVE: CVE-2024-34155, CVE-2024-34156, CVE-2024-34158
