Stack Exhaustion Due to Deeply Nested Expressions in Parse
CVE-2024-34158

Currently unrated

Key Information:

Vendor: Go Standard Library
Status: Go/build/constraint
Vendor: CVE Published:; 6 September 2024

What is CVE-2024-34158?

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected Version(s)

go/build/constraint 0 < 1.22.7

go/build/constraint 1.23.0-0 < 1.23.1

References

https://go.dev/cl/611240

https://go.dev/issue/69141

https://groups.google.com/g/golang-dev/c/S9POB9NCTdk

Timeline

Vulnerability published
Sep 6, 2024

.

CVE-2024-34158 : Stack Exhaustion Due to Deeply Nested Expressions in Parse