Description

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

INFO

Published Date :

2024-12-18T20:38:22.660Z

Last Modified :

2025-02-21T18:03:32.301Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45338 vulnerability.

Vendors Products
Redhat
  • Acm
  • Advanced Cluster Security
  • Ceph Storage
  • Cert Manager
  • Cluster Observability Operator
  • Container Native Virtualization
  • Cryostat
  • Gatekeeper
  • Insights Runtimes Operator
  • Logging
  • Multicluster Engine
  • Multicluster Globalhub
  • Openshift
  • Openshift Ai
  • Openshift Api Data Protection
  • Openshift Builds
  • Openshift Data Foundation
  • Openshift Devspaces
  • Openshift Distributed Tracing
  • Openshift Gitops
  • Openshift Pipelines
  • Rhdh
  • Rhmt
  • Service Mesh
  • Trusted Artifact Signer
  • Trusted Profile Analyzer
  • Windows Machine Config
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45338.

URL Resource
https://go.dev/cl/637536 cve-icon cve-icon cve-icon
https://go.dev/issue/70906 cve-icon cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-45338 cve-icon
https://pkg.go.dev/vuln/GO-2024-3333 cve-icon cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20250221-0001/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-45338 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact