Stack Exhaustion in Deeply Nested Structures Affects Decode Product
CVE-2024-34156

Currently unrated

Key Information:

Vendor

Go Standard Library

Status
Encoding/gob
Vendor
CVE Published:
6 September 2024

What is CVE-2024-34156?

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

encoding/gob 0 < 1.22.7

encoding/gob 1.23.0-0 < 1.23.1

References

https://go.dev/cl/611239
https://go.dev/issue/69139
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk

Timeline

  • Vulnerability published

Credit

Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)
JSON
.