MGASA-2023-0145
Advisory lineage Upstream: 4 Downstream: 0
Published: 15 Apr 2023, 19:03
Last modified:16 Apr 2026, 04:23
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
15 Apr 2023, 19:03
Published
Vulnerability first disclosed
16 Apr 2026, 04:23
Last Modified
Vulnerability information updated
Description
Updated golang packages fix security vulnerability DOS due to incorrect HTTP and MIME header parsing (CVE-2023-24534) DOS due to incorrect Multipart form parsing (CVE-2023-24536) Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. (CVE-2023-24537) Arbitrary Javascript code execution due to failure to escape back ticks (CVE-2023-24538)
Affected Systems
- mageia•golang
< 1.19.8-1.mga8
References (7)
- https://advisories.mageia.org/MGASA-2023-0145.html
- https://bugs.mageia.org/show_bug.cgi?id=31769
- https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014420.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014421.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014423.html
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014387.html