Bug 2268021 (CVE-2024-24784)
Summary: | CVE-2024-24784 golang: net/mail: comments in display names are incorrectly handled | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Robb Gatica <rgatica> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | amctagga, ansmith, aoconnor, apjagtap, asatyam, aveerama, bdettelb, bniver, chazlett, dfreiber, dhanak, diagrawa, dkenigsb, dperaza, drow, dsimansk, dymurray, eglynn, fdeutsch, flucifre, gmeno, gparvin, ibolton, jburrell, jcantril, jchui, jjoyce, jmatthew, jmontleo, joelsmith, jschluet, kingland, kverlaen, lbainbri, lhh, lsvaty, matzew, mbenjamin, mburns, mgarciac, mhackett, mnovotny, mrajanna, mwringe, njean, odf-bz-bot, oramraz, owatkins, pahickey, peholase, periklis, pgrist, pierdipi, pjindal, rguimara, rhaigner, rhuss, rjohnson, sabiswas, saroy, sdawley, shbose, sidakwo, sipoyare, skontopo, slucidi, smullick, sostapov, sseago, ubhargav, vereddy, vkumar, whayutin |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | go 1.21.8, go 1.22.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2268250, 2276465, 2276466, 2276467, 2276468, 2292182, 2292183, 2268251, 2276469, 2276470, 2276471, 2276472, 2276473, 2276474 | ||
Bug Blocks: | 2268016 |
Description
Robb Gatica
2024-03-06 02:06:29 UTC
Created golang tracking bugs for this issue: Affects: epel-all [bug 2268251] Affects: fedora-all [bug 2268250] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3259 https://access.redhat.com/errata/RHSA-2024:3259 This issue has been addressed in the following products: Red Hat Openshift distributed tracing 3.2 Via RHSA-2024:3621 https://access.redhat.com/errata/RHSA-2024:3621 This issue has been addressed in the following products: OADP-1.3-RHEL-9 Via RHSA-2024:3790 https://access.redhat.com/errata/RHSA-2024:3790 This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2024:4023 https://access.redhat.com/errata/RHSA-2024:4023 This issue has been addressed in the following products: RHOSS-1.33-RHEL-8 Via RHSA-2024:4028 https://access.redhat.com/errata/RHSA-2024:4028 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0041 https://access.redhat.com/errata/RHSA-2024:0041 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:0045 https://access.redhat.com/errata/RHSA-2024:0045 This issue has been addressed in the following products: RODOO-1.1-RHEL-9 Via RHSA-2024:1616 https://access.redhat.com/errata/RHSA-2024:1616 This issue has been addressed in the following products: OSSO-1.3-RHEL-9 Via RHSA-2024:3637 https://access.redhat.com/errata/RHSA-2024:3637 This issue has been addressed in the following products: KDO-5.0-RHEL-9 Via RHSA-2024:3617 https://access.redhat.com/errata/RHSA-2024:3617 This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2024:4520 https://access.redhat.com/errata/RHSA-2024:4520 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6969 https://access.redhat.com/errata/RHSA-2024:6969 |