CVE-2023-24535

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24535

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24535.json

Aliases

GHSA-hw7c-3rfg-p46j
GO-2023-1631

Published

2023-06-08T21:15:16Z

Modified

2023-11-08T04:11:47.045934Z

Details

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

References

https://go.dev/cl/475995
https://github.com/golang/protobuf/issues/1530
https://pkg.go.dev/vuln/GO-2023-1631

Affected packages

Git / github.com/protocolbuffers/protobuf-go

Affected ranges

Type: GIT
Repo: https://github.com/protocolbuffers/protobuf-go
Events: Introduced

0The exact introduced commit is unknown

Last affected

484b9f31ec32608d11edb577c307741f364e3cff