Launchpad CVE tracker

CVE 2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

Related bugs and status

CVE-2024-24784 (Candidate) is related to these bugs:

Bug #2056309: Sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	2056309	Sync golang-1.21 1.21.8-1 (main) from Debian unstable (main)		golang-1.21 (Ubuntu)	Wishlist	Fix Released

Bug #2056310: Sync golang-1.22 1.22.1-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	2056310	Sync golang-1.22 1.22.1-1 (main) from Debian unstable (main)		golang-1.22 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://go.dev/cl/555596
MISC: https://go.dev/issue/6...
MISC: https://groups.google....
MISC: https://pkg.go.dev/vul...
CONFIRM: https://security.netap...
MLIST: [oss-security] 2024030...

Launchpad.net

CVE 2024-24784

Related bugs and status

Related bugs

References