CVE-2023-24535

Published: Jun 8, 2023

Modified: Jan 6, 2025

PUBLISHED

Description

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

Vendor	Product	Versions
google.golang.org/protobuf	google.golang.org/protobuf/encoding/prototext	affected `1.29.0 - < 1.29.1`
google.golang.org/protobuf	google.golang.org/protobuf/internal/encoding/text	affected `1.29.0 - < 1.29.1`

References

https://go.dev/cl/475995

https://github.com/golang/protobuf/issues/1530

https://pkg.go.dev/vuln/GO-2023-1631

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24535

Description

Affected Products

References