CVE-2024-24788
Aliases:BIT-golang-2024-24788GO-2024-2824
Advisory lineage Upstream: 0 Downstream: 25
Deferred
Published: 08 May 2024, 15:31
Last modified:13 Feb 2025, 17:40
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
5.9 MEDIUM
v3.1 (cve.org)
EPSS Score
0.2% LOW
0% probability +0.05%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 May 2024, 15:31
Published
Vulnerability first disclosed
13 Feb 2025, 17:40
Last Modified
Vulnerability information updated
Description
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.20%• Percentile: 42%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- debian•golang-1.22
< 1.22.3-1
- go standard library•net
≥ 1.22.0-0, < 1.22.3
- Go•stdlib
≥ 1.22.0-0, < 1.22.3
References (8)
- https://go.dev/issue/66754
- https://go.dev/cl/578375
- https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
- https://pkg.go.dev/vuln/GO-2024-2824
- http://www.openwall.com/lists/oss-security/2024/05/08/3
- https://security.netapp.com/advisory/ntap-20240605-0002/
- https://security.netapp.com/advisory/ntap-20240614-0001/
- https://security-tracker.debian.org/tracker/CVE-2024-24788