GO-2024-2824

Source
https://pkg.go.dev/vuln/GO-2024-2824
Import Source
https://vuln.go.dev/ID/GO-2024-2824.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2824
Aliases
Related
Published
2024-05-07T22:33:51Z
Modified
2024-05-20T16:03:47Z
Summary
Malformed DNS message can cause infinite loop in net
Details

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-2824"
}
References
Credits
    • @long-name-let-people-remember-you
    • Mateusz Poliwczak

Affected packages

Go / stdlib

Package

Affected ranges

Type
SEMVER
Events
Introduced
1.22.0-0
Fixed
1.22.3

Ecosystem specific

{
    "imports": [
        {
            "path": "net",
            "symbols": [
                "Dial",
                "DialTimeout",
                "Dialer.Dial",
                "Dialer.DialContext",
                "Listen",
                "ListenConfig.Listen",
                "ListenConfig.ListenPacket",
                "ListenPacket",
                "LookupAddr",
                "LookupCNAME",
                "LookupHost",
                "LookupIP",
                "LookupMX",
                "LookupNS",
                "LookupSRV",
                "LookupTXT",
                "ResolveIPAddr",
                "ResolveTCPAddr",
                "ResolveUDPAddr",
                "Resolver.LookupAddr",
                "Resolver.LookupCNAME",
                "Resolver.LookupHost",
                "Resolver.LookupIP",
                "Resolver.LookupIPAddr",
                "Resolver.LookupMX",
                "Resolver.LookupNS",
                "Resolver.LookupNetIP",
                "Resolver.LookupSRV",
                "Resolver.LookupTXT",
                "extractExtendedRCode"
            ]
        }
    ]
}