[GO-2023-1702] Infinite loop in parsing in go/scanner
Severity: High
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
Calling any of the Parse functions on Go source code which contains //line
directives with very large line numbers can cause an infinite loop due to
integer overflow.
Package | Affected Version |
---|---|
pkg:golang/go/scanner | >= 1.20.2, < 1.19.8 |
pkg:golang/go/scanner | >= 1.20.2, < 1.20.3 |
Package | Fixed Version |
---|---|
pkg:golang/go/scanner | = 1.19.8 |
pkg:golang/go/scanner | = 1.20.3 |
- ID: GO-2023-1702
- Severity: high
- Severity from: CVE-2023-24537
- URL: https://pkg.go.dev/vuln/GO-2023-1702
- Published: 2023-04-05T17:34:33 (17 months ago)
- Modified: 2024-07-17T19:54:18 (2 months ago)

Other Advisories:
- ALAS-2023-1731
- ALAS-2023-1848
- ALAS2-2023-2015
- ALAS2-2023-2024
- ALPINE:CVE-2023-24537
- ALSA-2023:6363
- ALSA-2023:6474
- ALSA-2023:6938
- ALSA-2023:6939
- ELSA-2023-6363
- ELSA-2023-6474
- ELSA-2023-6938
- ELSA-2023-6939
- FREEBSD:348EE234-D541-11ED-AD86-A134A566F1E6
- GLSA-202311-09
- RHSA-2023:3318
- RHSA-2023:3319
- RHSA-2023:6363
- RHSA-2023:6474
- RHSA-2023:6938
- RHSA-2023:6939
- SUSE-SU-2023:1791-1
- SUSE-SU-2023:1792-1
- SUSE-SU-2023:2105-1
- SUSE-SU-2023:2105-2
- SUSE-SU-2023:2127-1
- USN-6038-1
- USN-6038-2
- USN-6140-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/go/scanner | go | scanner | = 1.19.8 | | | |
Affected | pkg:golang/go/scanner | go | scanner | >= 1.20.2 < 1.19.8 | | | |
Fixed | pkg:golang/go/scanner | go | scanner | = 1.20.3 | | | |
Affected | pkg:golang/go/scanner | go | scanner | >= 1.20.2 < 1.20.3 | | | |