Launchpad CVE tracker

CVE 2023-24537

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

Related bugs and status

CVE-2023-24537 (Candidate) is related to these bugs:

Bug #2015339: Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	2015339	Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)		golang-1.20 (Ubuntu)	Undecided	Fix Released

Bug #2015340: Sync golang-1.19 1.19.8-1 (main) from Debian experimental (main)

Summary				In	Importance	Status
	2015340	Sync golang-1.19 1.19.8-1 (main) from Debian experimental (main)		golang-1.19 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-24537

References