CVE-2024-34156

Name
CVE-2024-34156
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://go.dev/cl/611239
https://go.dev/issue/69139
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
https://pkg.go.dev/vuln/GO-2024-3106

Match rules

CPE URI Source package Min version Max version
encoding/gob >= 0 < 1.22.7
encoding/gob >= 1.23.0-0 < 1.23.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status