1. Home
  2. Security Advisories
  3. Go
  4. GO-2023-1702

[GO-2023-1702] Infinite loop in parsing in go/scanner

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages Vulnerabilities

Calling any of the Parse functions on Go source code which contains //line
directives with very large line numbers can cause an infinite loop due to
integer overflow.

Package Affected Version
pkg:golang/go/scanner >= 1.20.2, < 1.19.8
pkg:golang/go/scanner >= 1.20.2, < 1.20.3
Package Fixed Version
pkg:golang/go/scanner = 1.19.8
pkg:golang/go/scanner = 1.20.3
ID
GO-2023-1702
Severity
high
Severity from
CVE-2023-24537
URL
https://pkg.go.dev/vuln/GO-2023-1702
Published
2023-04-05T17:34:33
(17 months ago)
Modified
2024-07-17T19:54:18
(2 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Fixed pkg:golang/go/scanner go scanner = 1.19.8
Affected pkg:golang/go/scanner go scanner >= 1.20.2 < 1.19.8
Fixed pkg:golang/go/scanner go scanner = 1.20.3
Affected pkg:golang/go/scanner go scanner >= 1.20.2 < 1.20.3
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date