Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-24784

Published: 05/03/2024 Updated: 01/05/2024

Vulnerability Summary

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

Mailing Lists

Full Disclosure: 5 CVEs fixed in Go 1.22.1 and Go 1.21.8, 1 CVE fixed in google.golang.org/protobuf
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> 5 CVEs fixed in Go 1221 and Go 1218, 1 CVE fixed in googlegolangorg/protobuf <!--X-Subject-Header-End--> <!--X-Head-of-M ...

References

https://go.dev/issue/65083https://go.dev/cl/555596https://groups.google.com/g/golang-announce/c/5pwGVUPoMbghttps://pkg.go.dev/vuln/GO-2024-2609https://security.netapp.com/advisory/ntap-20240329-0007/http://www.openwall.com/lists/oss-security/2024/03/08/4https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/197
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook