mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
86 lines
3.0 KiB
JSON
86 lines
3.0 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-24535",
|
|
"ASSIGNER": "security@golang.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-125: Out-of-bounds Read"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "google.golang.org/protobuf",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "google.golang.org/protobuf/encoding/prototext",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "1.29.0",
|
|
"version_value": "1.29.1"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "google.golang.org/protobuf/internal/encoding/text",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "1.29.0",
|
|
"version_value": "1.29.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://go.dev/cl/475995",
|
|
"refsource": "MISC",
|
|
"name": "https://go.dev/cl/475995"
|
|
},
|
|
{
|
|
"url": "https://github.com/golang/protobuf/issues/1530",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/golang/protobuf/issues/1530"
|
|
},
|
|
{
|
|
"url": "https://pkg.go.dev/vuln/GO-2023-1631",
|
|
"refsource": "MISC",
|
|
"name": "https://pkg.go.dev/vuln/GO-2023-1631"
|
|
}
|
|
]
|
|
}
|
|
} |