Malformed DNS message can cause infinite loop in net
CVE-2024-24788

5.9MEDIUM

Key Information:

Vendor: Go Standard Library
Status: Net
Vendor: CVE Published:; 8 May 2024

Badges

📰 News Worthy

What is CVE-2024-24788?

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Affected Version(s)

net 1.22.0-0 < 1.22.3

News Articles

Linux Security

CVE-2024-24787 CVE-2024-24788

SUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates | LinuxSecurity.com

SUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates - # Security update for go1.22 Announcement ID: SUSE-SU-2024:1587-1 Rating: moderate References: * bsc

CybersecurityNews

CVE-2024-24787 CVE-2024-24788

Golang Vulnerability Alert: Remote Code Execution & Infinite Loop DNS Lookup

The Go team has released patches for two significant vulnerabilities that could allow attackers to execute arbitrary code and cause service disruptions through infinite loops.

References

https://go.dev/issue/66754

https://go.dev/cl/578375

https://groups.google.com/g/golang-announce/c/wkkO4P9stm0

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by CybersecurityNews
May 9, 2024
Vulnerability published
May 8, 2024
Vulnerability Reserved
Jan 30, 2024

Credit

@long-name-let-people-remember-you

Mateusz Poliwczak

Go Standard Library

Badges

What is CVE-2024-24788?

Affected Version(s)

News Articles

SUSE: 2024:1587-1 moderate: go1.22 Security Advisory Updates | LinuxSecurity.com

Golang Vulnerability Alert: Remote Code Execution & Infinite Loop DNS Lookup

References

CVSS V3.1

Timeline

Credit