Deeply Nested Literals Cause Stack Exhaustion in Parse
CVE-2024-34155

Currently unrated

Key Information:

Vendor: Go Standard Library
Status: Go/parser
Vendor: CVE Published:; 6 September 2024

What is CVE-2024-34155?

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

Affected Version(s)

go/parser 0 < 1.22.7

go/parser 1.23.0-0 < 1.23.1

References

https://go.dev/cl/611238

https://go.dev/issue/69138

https://groups.google.com/g/golang-dev/c/S9POB9NCTdk

Timeline

Vulnerability published
Sep 6, 2024

.