5.9

CVE-2024-24788

Malformed DNS message can cause infinite loop in net

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGo standard library
Produkt net
Default Statusunaffected
Version 1.22.0-0
Version < 1.22.3
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1% 0.585
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://www.openwall.com/lists/oss-security/2024/05/08/3
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://go.dev/cl/578375
https://go.dev/issue/66754
https://pkg.go.dev/vuln/GO-2024-2824
https://security.netapp.com/advisory/ntap-20240605-0002/
https://security.netapp.com/advisory/ntap-20240614-0001/