Bug 2310529 (CVE-2024-34158) - CVE-2024-34158 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion [NEEDINFO]
Summary: CVE-2024-34158 go/build/constraint: golang: Calling Parse on a "// +build" bu...
Keywords:
Status: NEW
Alias: CVE-2024-34158
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2310538 2310539 2310540 2310541 2310547 2310550 2310552 2310554 2310548 2310549 2310551
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-09-06 21:20 UTC by OSIDB Bzimport
Modified: 2024-11-08 15:00 UTC (History)
112 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Clone Of:
Environment:
Last Closed:
Embargoed:
mijjapur: needinfo? (prodsec-dev)


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:7096 0 None None None 2024-09-25 06:51:49 UTC
Red Hat Product Errata RHBA-2024:8041 0 None None None 2024-10-14 05:27:07 UTC
Red Hat Product Errata RHBA-2024:8135 0 None None None 2024-10-15 13:25:33 UTC
Red Hat Product Errata RHBA-2024:8225 0 None None None 2024-10-17 00:55:16 UTC
Red Hat Product Errata RHBA-2024:8277 0 None None None 2024-10-21 00:10:02 UTC
Red Hat Product Errata RHBA-2024:8278 0 None None None 2024-10-21 00:22:27 UTC
Red Hat Product Errata RHSA-2024:6908 0 None None None 2024-09-23 01:47:32 UTC
Red Hat Product Errata RHSA-2024:6913 0 None None None 2024-09-23 01:47:58 UTC
Red Hat Product Errata RHSA-2024:8014 0 None None None 2024-10-22 01:06:24 UTC
Red Hat Product Errata RHSA-2024:8038 0 None None None 2024-10-14 02:14:51 UTC
Red Hat Product Errata RHSA-2024:8039 0 None None None 2024-10-14 01:58:57 UTC
Red Hat Product Errata RHSA-2024:8112 0 None None None 2024-10-15 09:28:20 UTC
Red Hat Product Errata RHSA-2024:8229 0 None None None 2024-10-23 05:29:23 UTC
Red Hat Product Errata RHSA-2024:8232 0 None None None 2024-10-23 05:47:33 UTC
Red Hat Product Errata RHSA-2024:8260 0 None None None 2024-10-24 10:45:25 UTC
Red Hat Product Errata RHSA-2024:8263 0 None None None 2024-10-24 10:59:39 UTC
Red Hat Product Errata RHSA-2024:8329 0 None None None 2024-10-22 15:40:39 UTC
Red Hat Product Errata RHSA-2024:8337 0 None None None 2024-10-31 00:55:44 UTC
Red Hat Product Errata RHSA-2024:8425 0 None None None 2024-10-31 03:38:12 UTC
Red Hat Product Errata RHSA-2024:8428 0 None None None 2024-10-31 03:56:40 UTC
Red Hat Product Errata RHSA-2024:8688 0 None None None 2024-11-06 14:30:33 UTC
Red Hat Product Errata RHSA-2024:8690 0 None None None 2024-11-06 14:48:22 UTC
Red Hat Product Errata RHSA-2024:8692 0 None None None 2024-11-07 03:09:20 UTC
Red Hat Product Errata RHSA-2024:8694 0 None None None 2024-11-07 03:29:06 UTC
Red Hat Product Errata RHSA-2024:8697 0 None None None 2024-11-08 01:46:34 UTC
Red Hat Product Errata RHSA-2024:8700 0 None None None 2024-11-08 15:00:13 UTC

Description OSIDB Bzimport 2024-09-06 21:20:36 UTC
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Comment 2 errata-xmlrpc 2024-09-23 01:47:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6908 https://access.redhat.com/errata/RHSA-2024:6908

Comment 3 errata-xmlrpc 2024-09-23 01:47:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6913 https://access.redhat.com/errata/RHSA-2024:6913

Comment 6 errata-xmlrpc 2024-10-14 01:58:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:8039 https://access.redhat.com/errata/RHSA-2024:8039

Comment 7 errata-xmlrpc 2024-10-14 02:14:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:8038 https://access.redhat.com/errata/RHSA-2024:8038

Comment 8 errata-xmlrpc 2024-10-15 09:28:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:8112 https://access.redhat.com/errata/RHSA-2024:8112

Comment 9 errata-xmlrpc 2024-10-22 01:06:19 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.7.0-RHEL-9

Via RHSA-2024:8014 https://access.redhat.com/errata/RHSA-2024:8014

Comment 10 errata-xmlrpc 2024-10-22 15:40:34 UTC
This issue has been addressed in the following products:

  Cryostat 3 on RHEL 8

Via RHSA-2024:8329 https://access.redhat.com/errata/RHSA-2024:8329

Comment 11 errata-xmlrpc 2024-10-23 05:29:18 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:8229 https://access.redhat.com/errata/RHSA-2024:8229

Comment 12 errata-xmlrpc 2024-10-23 05:47:28 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:8232 https://access.redhat.com/errata/RHSA-2024:8232

Comment 13 errata-xmlrpc 2024-10-24 10:45:19 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:8260 https://access.redhat.com/errata/RHSA-2024:8260

Comment 14 errata-xmlrpc 2024-10-24 10:59:33 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:8263 https://access.redhat.com/errata/RHSA-2024:8263

Comment 15 errata-xmlrpc 2024-10-31 00:55:38 UTC
This issue has been addressed in the following products:

  RODOO-1.1-RHEL-9

Via RHSA-2024:8337 https://access.redhat.com/errata/RHSA-2024:8337

Comment 16 errata-xmlrpc 2024-10-31 03:38:06 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:8425 https://access.redhat.com/errata/RHSA-2024:8425

Comment 17 errata-xmlrpc 2024-10-31 03:56:34 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:8428 https://access.redhat.com/errata/RHSA-2024:8428

Comment 18 errata-xmlrpc 2024-11-06 14:30:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:8688 https://access.redhat.com/errata/RHSA-2024:8688

Comment 19 errata-xmlrpc 2024-11-06 14:48:04 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:8690 https://access.redhat.com/errata/RHSA-2024:8690

Comment 20 errata-xmlrpc 2024-11-07 03:09:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:8692 https://access.redhat.com/errata/RHSA-2024:8692

Comment 21 errata-xmlrpc 2024-11-07 03:28:59 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12
  Ironic content for Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:8694 https://access.redhat.com/errata/RHSA-2024:8694

Comment 22 errata-xmlrpc 2024-11-08 01:46:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:8697 https://access.redhat.com/errata/RHSA-2024:8697

Comment 23 errata-xmlrpc 2024-11-08 15:00:07 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:8700 https://access.redhat.com/errata/RHSA-2024:8700


Note You need to log in before you can comment on or make changes to this bug.