Home

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

PUBLISHED Reserved 2024-05-01 | Published 2024-09-06 | Updated 2024-10-04 | Assigner Go

Problem types

CWE-674: Uncontrolled Recursion

Product status

Default status
unaffected

Any version before 1.22.7
affected

1.23.0-0 before 1.23.1
affected

References

go.dev/cl/611240

go.dev/issue/69141

groups.google.com/g/golang-dev/c/S9POB9NCTdk

pkg.go.dev/vuln/GO-2024-3107

cve.org (CVE-2024-34158)

nvd.nist.gov (CVE-2024-34158)

Download JSON