Back

CVE-2024-34156

Sept. 6, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Go programming language

Source

security@golang.org

Tags

security@golang.org
2024-09-06
CVE-2024-34156

CVE-2024-34156 details

Published : Sept. 6, 2024, 9:15 p.m.
Last Modified : Sept. 6, 2024, 9:15 p.m.

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://go.dev/cl/611239 security@golang.org
https://go.dev/issue/69139 security@golang.org
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk security@golang.org
https://pkg.go.dev/vuln/GO-2024-3106 security@golang.org
This website uses the NVD API, but is not approved or certified by it.