x/vulndb: potential Go vuln in go/parser: CVE-2024-34155 #3105
Assignees
Labels
Comments
tatianab
changed the title
|
Change https://go.dev/cl/610805 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Sep 6, 2024
- data/reports/GO-2024-3105.yaml - data/reports/GO-2024-3106.yaml - data/reports/GO-2024-3107.yaml Updates #3105 Updates #3106 Updates #3107 Change-Id: Ic1fcc7db2f64a1be3125bd504f66de12f0492fc4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/610805 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
go/parser: stack exhaustion in all Parse* functions
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
The text was updated successfully, but these errors were encountered: