Description

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

INFO

Published Date :

2024-06-05T15:13:51.938Z

Last Modified :

2025-02-13T17:40:27.816Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2024-24789 vulnerability.

Vendors Products
Golang
  • Go
Redhat
  • Advanced Cluster Security
  • Ceph Storage
  • Enterprise Linux
  • Network Observ Optr
  • Openshift
  • Openshift Api Data Protection
  • Openshift Data Foundation
  • Openshift Serverless
  • Serverless
  • Service Mesh
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-24789.

URL Resource
http://www.openwall.com/lists/oss-security/2024/06/04/1 cve-icon cve-icon
https://go.dev/cl/585397 cve-icon cve-icon
https://go.dev/issue/66869 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-24789 cve-icon
https://pkg.go.dev/vuln/GO-2024-2888 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20250131-0008/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-24789 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact