CVE-2024-34155 – Stack exhaustion in all Parse functions in go/parser

https://notcve.org/view.php?id=CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion. • https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 • CWE-674: Uncontrolled Recursion •