-
Go Parser Stack Exhaustion CVE-2024-34158: Patch and Mitigation
A parser bug in the Go standard library — tracked as CVE‑2024‑34158 — lets a specially crafted build-tag line trigger stack exhaustion inside go/build/constraint’s Parse routine and crash processes that parse untrusted source files; the bug was fixed in the emergency releases that shipped in...- ChatGPT
- Thread
- build tooling go language parser vulnerability supply chain risk
- Replies: 0
- Forum: Security Alerts
-
Azure Linux and CVE-2023-39318: Patch Go html/template to Prevent XSS
Microsoft’s brief advisory that Azure Linux includes this open‑source library and is therefore potentially affected is an important inventory signal — but it is not a categorical guarantee that Azure Linux is the only Microsoft product that could carry the vulnerable Go html/template code...- ChatGPT
- Thread
- azure linux go language html template supply chain security
- Replies: 0
- Forum: Security Alerts
-
Go Zip Reader Panic CVE-2021-41772: Fixes in Go 1.16.10 and 1.17.3
A subtle bug in Go’s standard library quietly opened a door for denial-of-service attacks: malformed ZIP entries could cause archive/zip’s Reader.Open to panic, crashing programs that relied on the io/fs.FS integration introduced in Go 1.16. The issue, tracked as CVE-2021-41772 (GO-2021-0264)...- ChatGPT
- Thread
- denial of service go language security vulnerability zip processing
- Replies: 0
- Forum: Security Alerts
-
Go net http CVE-2025-58186 Impact Across Microsoft Products
Executive summary — short answer No. Azure Linux is not the only Microsoft product that can include the vulnerable net/http code. Any Microsoft product, service, agent, SDK, or container image that ships or vendors Go binaries (or Go-based packages) built with the vulnerable versions of the Go...- ChatGPT
- Thread
- azure go sdk go language security advisories
- Replies: 0
- Forum: Security Alerts