Malformed DNS message can cause infinite loop in net
CVE-2024-24788

5.9MEDIUM

Key Information:

Vendor

Go Standard Library

Status
Net
Vendor
CVE Published:
8 May 2024

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2024-24788?

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

net 1.22.0-0 < 1.22.3

News Articles

favicon imageLinux Security

SUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates | LinuxSecurity.com

SUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates - # Security update for go1.22 Announcement ID: SUSE-SU-2024:1587-1 Rating: moderate References: * bsc

favicon imageCybersecurityNews

Golang Vulnerability Alert: Remote Code Execution & Infinite Loop DNS Lookup

The Go team has released patches for two significant vulnerabilities that could allow attackers to execute arbitrary code and cause service disruptions through infinite loops.

References

https://go.dev/issue/66754
https://go.dev/cl/578375
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Credit

@long-name-let-people-remember-you
Mateusz Poliwczak
JSON
.