All the vulnerabilites related to Go standard library - net
cve-2024-24788
Vulnerability from cvelistv5
Published
2024-05-08 15:31
Modified
2024-11-21 15:42
Severity ?
EPSS score ?
Summary
Malformed DNS message can cause infinite loop in net
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net |
Version: 1.22.0-0 ≤ |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-24788", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:38:26.198197Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T15:42:56.985Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/66754" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/578375" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2024-2824" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0002/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240614-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net", "product": "net", "programRoutines": [ { "name": "extractExtendedRCode" }, { "name": "Dial" }, { "name": "DialTimeout" }, { "name": "Dialer.Dial" }, { "name": "Dialer.DialContext" }, { "name": "Listen" }, { "name": "ListenConfig.Listen" }, { "name": "ListenConfig.ListenPacket" }, { "name": "ListenPacket" }, { "name": "LookupAddr" }, { "name": "LookupCNAME" }, { "name": "LookupHost" }, { "name": "LookupIP" }, { "name": "LookupMX" }, { "name": "LookupNS" }, { "name": "LookupSRV" }, { "name": "LookupTXT" }, { "name": "ResolveIPAddr" }, { "name": "ResolveTCPAddr" }, { "name": "ResolveUDPAddr" }, { "name": "Resolver.LookupAddr" }, { "name": "Resolver.LookupCNAME" }, { "name": "Resolver.LookupHost" }, { "name": "Resolver.LookupIP" }, { "name": "Resolver.LookupIPAddr" }, { "name": "Resolver.LookupMX" }, { "name": "Resolver.LookupNS" }, { "name": "Resolver.LookupNetIP" }, { "name": "Resolver.LookupSRV" }, { "name": "Resolver.LookupTXT" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.22.3", "status": "affected", "version": "1.22.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "@long-name-let-people-remember-you" }, { "lang": "en", "value": "Mateusz Poliwczak" } ], "descriptions": [ { "lang": "en", "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE 400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-09T20:25:03.081Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/66754" }, { "url": "https://go.dev/cl/578375" }, { "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0" }, { "url": "https://pkg.go.dev/vuln/GO-2024-2824" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0002/" }, { "url": "https://security.netapp.com/advisory/ntap-20240614-0001/" } ], "title": "Malformed DNS message can cause infinite loop in net" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2024-24788", "datePublished": "2024-05-08T15:31:11.619Z", "dateReserved": "2024-01-30T16:05:14.758Z", "dateUpdated": "2024-11-21T15:42:56.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }