Fluid Attacks Database

Description

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	golang-1.19	>=0 <1.19.8-2	1.19.8-2
go	stdlib	>=0 <1.19.8	1.19.8
debian 11	golang-1.15	=1.15.15-1 \|\| =1.15.15-1~deb11u1 \|\| =1.15.15-1~deb11u2 \|\| =1.15.15-1~deb11u3 \|\| =1.15.15-1~deb11u4 \|\| =1.15.15-2 \|\| =1.15.15-3 \|\| =1.15.15-4 \|\| =1.15.15-5 \|\| =1.15.9-6	-
rpm rhel8	buildah	-	-
rpm rhel8	go-toolset	<0:1.19.9-1.module+el8.8.0+18857+fca43658	0:1.19.9-1.module+el8.8.0+18857+fca43658
rpm rhel9	golang	<0:1.19.9-2.el9_2	0:1.19.9-2.el9_2
rpm rhel8	grafana	-	-
rpm rhel9	grafana	-	-
rpm rhel8	podman	-	-
rpm rhel9	podman	<2:4.6.1-5.el9	2:4.6.1-5.el9

1-10 of 12

Aliases

1. CVE-2023-245372. NVD-2023-245373. OSV-DEBIAN-2023-245374. OSV-2023-245375. OSV-GO-2023-17026. GCVE-2023-245377. SECURITY-TRACKER-CVE-2023-24537

References

1. https://go.dev/issue/591802. https://go.dev/cl/4820783. https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.