Home

Description

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

PUBLISHED Reserved 2024-08-27 | Published 2024-12-18 | Updated 2025-02-21 | Assigner Go

Problem types

CWE-405: Asymmetric Resource Consumption (Amplification)

Product status

Default status
unaffected

Any version before 0.33.0
affected

Credits

Guido Vranken

References

security.netapp.com/advisory/ntap-20250221-0001/

go.dev/cl/637536

go.dev/issue/70906

groups.google.com/...g-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ

pkg.go.dev/vuln/GO-2024-3333

cve.org (CVE-2024-45338)

nvd.nist.gov (CVE-2024-45338)

Download JSON