CVE-2024-24789

nvd nist
Published: Jun 5, 2024
Modified: Jan 31, 2025

CVSS 3.1 base score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Affected (2)

Products: Golang: Go
1 product
Go
Configuration A
2 vulnerable
Vulnerable Software: Golang
Affected Versions: Before 1.21.11; From 1.22.0 to 1.22.4

