CVE-2024-24784 – Comments in display names are incorrectly handled in net/mail
https://notcve.org/view.php?id=CVE-2024-24784
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. La función ParseAddressList controla incorrectamente los comentarios (texto entre paréntesis) dentro de los nombres para mostrar. Dado que se trata de una desalineación con los analizadores de direcciones conformes, puede dar lugar a que los programas que utilizan diferentes analizadores tomen diferentes decisiones de confianza. A flaw was found in Go's net/mail standard library package. • http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/555596 https://go.dev/issue/65083 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2609 https://security.netapp.com/advisory/ntap-20240329-0007 https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 • CWE-115: Misinterpretation of Input •