CVE-2024-34156

Summary

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected Software

VendorProductVersion RangeStatus
Go standard libraryencoding/gob0 < 1.22.7affected
Go standard libraryencoding/gob1.23.0-0 < 1.23.1affected

Weaknesses

  • CWE-674: Uncontrolled Recursion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References