CVE-2023-24537
Infinite loop in parsing in go/scanner
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a denial of service vulnerability.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-01-25 CVE Reserved
- 2023-04-06 CVE Published
- 2025-02-13 CVE Updated
- 2025-04-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://security.gentoo.org/glsa/202311-09 |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://go.dev/cl/482078 | 2023-11-25 | |
https://go.dev/issue/59180 | 2023-11-25 |
URL | Date | SRC |
---|---|---|
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 | 2023-11-25 | |
https://pkg.go.dev/vuln/GO-2023-1702 | 2023-11-25 | |
https://access.redhat.com/security/cve/CVE-2023-24537 | 2024-05-21 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2184484 | 2024-05-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Golang Search vendor "Golang" | Go Search vendor "Golang" for product "Go" | < 1.19.8 Search vendor "Golang" for product "Go" and version " < 1.19.8" | - |
Affected
| ||||||
Golang Search vendor "Golang" | Go Search vendor "Golang" for product "Go" | >= 1.20.0 < 1.20.3 Search vendor "Golang" for product "Go" and version " >= 1.20.0 < 1.20.3" | - |
Affected
|