CVE-2024-24789

CVE-2024-24789

Name

CVE-2024-24789

Description

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	http://www.openwall.com/lists/oss-security/2024/06/04/1
Patch	https://go.dev/cl/585397
Issue Tracking	https://go.dev/issue/66869
Release Notes	https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
security@golang.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/
Third Party Advisory	https://pkg.go.dev/vuln/GO-2024-2888
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250131-0008/

Type

URI

Mailing List

http://www.openwall.com/lists/oss-security/2024/06/04/1

Patch

https://go.dev/cl/585397

Issue Tracking

https://go.dev/issue/66869

Release Notes

https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ

security@golang.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/