CVE-2023-24537

Published: Apr 6, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

Vendor	Product	Versions
Go standard library	go/scanner	affected `0 - < 1.19.8` affected `1.20.0-0 - < 1.20.3`

References

https://go.dev/issue/59180

https://go.dev/cl/482078

https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8

https://pkg.go.dev/vuln/GO-2023-1702

https://security.gentoo.org/glsa/202311-09

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24537

Description

Affected Products

References