CVE-2024-24784
Aliases:CGA-x96w-p6v4-99r6BIT-golang-2024-24784CGA-mxv9-jf2v-cw75CGA-x9h6-wjmw-83hrGHSA-fgq5-q76c-gx78GO-2024-2609
Advisory lineage Upstream: 0 Downstream: 21
Deferred
Published: 05 Mar 2024, 22:22
Last modified:13 Feb 2025, 17:40
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
2.02% LOW
2% probability +0.52%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Mar 2024, 22:22
Published
Vulnerability first disclosed
13 Feb 2025, 17:40
Last Modified
Vulnerability information updated
Description
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Trends
Current EPSS score: 2.02%• Percentile: 84%
Affected Systems
- chainguard•cluster-autoscaler-1.27
< 1.27.5-r2
- chainguard•cluster-autoscaler-1.27-compat
< 1.27.5-r2
- chainguard•cluster-autoscaler-1.28
< 1.28.2-r2
- chainguard•cluster-autoscaler-1.28-compat
< 1.28.2-r2
- chainguard•newrelic-fluent-bit-output
< 1.19.2-r1
- wolfi•cluster-autoscaler-1.27
< 1.27.5-r2
- wolfi•cluster-autoscaler-1.27-compat
< 1.27.5-r2
- wolfi•cluster-autoscaler-1.28
< 1.28.2-r2
- wolfi•cluster-autoscaler-1.28-compat
< 1.28.2-r2
- go standard library•net/mail
< 1.21.8 | ≥ 1.22.0-0, < 1.22.1
- Go•stdlib
≥ 1.22.0-0, < 1.22.1