Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Latest 1.22.x release. These minor releases include 3 security fixes following the security policy: go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University ([email protected]) for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. Signed-off-by: Andrey Smirnov <[email protected]>
- Loading branch information