CVE-2023-24537

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-24537

Severity

Unknown

Description

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

References

https://images.chainguard.dev/security/CGA-v7c6-4w96-cx2g
https://github.com/advisories/GHSA-fp86-2355-v99r
https://images.chainguard.dev/security/CGA-rhmp-5x6g-2369
https://images.chainguard.dev/security/CGA-7gp6-r867-jxrp
https://images.chainguard.dev/security/CGA-5jv6-hqq9-gm4f
https://images.chainguard.dev/security/CGA-ww6h-3fgm-53fx
https://images.chainguard.dev/security/CGA-m745-8638-pppr
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
https://pkg.go.dev/vuln/GO-2023-1702
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20241129-0004/
https://go.dev/cl/482078
https://go.dev/issue/59180
https://security-tracker.debian.org/tracker/CVE-2023-24537

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-24537

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources