Vulnerability Report: GO-2023-1631
- CVE-2023-24535, GHSA-hw7c-3rfg-p46j
- Affects: google.golang.org/protobuf
- Published: Mar 14, 2023
- Modified: Jun 12, 2023
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
Affected Packages
- Path | Versions | Symbols
- from v1.29.0 before v1.29.1
- from v1.29.0 before v1.29.1
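An added example, not part of the report or of the protobuf project: a stand-alone Go check that scans go.mod text for a requirement on google.golang.org/protobuf inside the affected range listed above. The function names and the sample go.mod are constructed for illustration, and replace and exclude directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module path and range come from the report: from v1.29.0 before v1.29.1.
const affectedModule = "google.golang.org/protobuf"

// inRange reports whether v satisfies v1.29.0 <= v < v1.29.1 in semver order.
func inRange(v string) bool {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	core, _, pre := strings.Cut(v, "-")
	var major, minor, patch int
	c, err := fmt.Sscanf(core, "%d.%d.%d", &major, &minor, &patch)
	if err != nil || c != 3 || major != 1 || minor != 29 {
		return false
	}
	// A pre-release sorts before its release: v1.29.0-rc.1 is below the range,
	// v1.29.1-rc.1 (or a v1.29.1-0.<date> pseudo-version) is still inside it.
	return (patch == 0 && !pre) || (patch == 1 && pre)
}

// affectedRequirements returns "path version" for each go.mod requirement in range.
// Assumption: replace and exclude directives are not evaluated.
func affectedRequirements(gomod string) []string {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // strip "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && f[0] == affectedModule && inRange(f[1]) {
			hits = append(hits, f[0]+" "+f[1])
		}
	}
	return hits
}

func main() {
	// Constructed sample go.mod, not from a real project.
	sample := "module example.com/app\n\ngo 1.20\n\nrequire (\n" +
		"\tgoogle.golang.org/protobuf v1.29.0 // indirect\n)\n"
	for _, h := range affectedRequirements(sample) {
		fmt.Println("GO-2023-1631:", h, "-> upgrade to v1.29.1 or later")
	}
}
```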
References
- https://go.dev/cl/475995
- https://github.com/golang/protobuf/issues/1530
- https://vuln.go.dev/ID/GO-2023-1631.json