Bugzilla – Bug 1210129
VUL-0: CVE-2023-24537: go1.19,go1.20: go/parser: infinite loop in parsing
Last modified: 2024-05-06 11:55:46 UTC
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. Thanks to Philippe Antoine (Catena cyber) for reporting this issue. This is CVE-2023-24537 and Go issue https://go.dev/issue/59180.
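As an added example (not code from the Go project or from this bug report), a pre-parse check that flags `//line` and `/*line` directives whose line or column number exceeds a caller-chosen limit, so untrusted source can be rejected before it reaches `go/parser` on an unpatched toolchain. The function names, the sample input and the `1<<30` limit are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample input (not taken from the bug report).
const sampleSrc = "package p\n" +
	"//line gen.go:42\n" +
	"//line gen.go:4000000000\n" +
	"var x = 1\n" +
	"/*line gen.go:10:99999999999999999999*/ var y = 2\n"

// tooLarge reports whether s is a decimal number above limit or outside int64.
func tooLarge(s string, limit int64) bool {
	v, err := strconv.ParseInt(strings.TrimSpace(s), 10, 64)
	return errors.Is(err, strconv.ErrRange) || (err == nil && v > limit)
}

// OversizedLineDirectives returns the 1-based source lines whose //line or
// /*line directive has a line or column number (the last two ':' fields) above limit.
func OversizedLineDirectives(src []byte, limit int64) []int {
	var hits []int
	for i, text := range strings.Split(string(src), "\n") {
		var rest string
		if strings.HasPrefix(text, "//line ") {
			rest = text[len("//line "):]
		} else if j := strings.Index(text, "/*line "); j >= 0 {
			rest, _, _ = strings.Cut(text[j+len("/*line "):], "*/")
		} else {
			continue
		}
		fields := strings.Split(rest, ":")
		for k := len(fields) - 1; k >= 1 && k >= len(fields)-2; k-- {
			if tooLarge(fields[k], limit) {
				hits = append(hits, i+1)
				break
			}
		}
	}
	return hits
}

func main() {
	fmt.Println(OversizedLineDirectives([]byte(sampleSrc), 1<<30)) // limit is an assumed policy value
}
```

A check like this only narrows exposure; the update notices on this page list the packages that carry the fix.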
This is an autogenerated message for OBS integration:
This bug (1210129) was mentioned in
https://build.opensuse.org/request/show/1077384 Factory / go1.19
https://build.opensuse.org/request/show/1077385 Factory / go1.20
SUSE-SU-2023:1792-1: An update that solves four vulnerabilities and has one fix can now be installed.

Category: security (important)
Bug References: 1200441, 1210127, 1210128, 1210129, 1210130
CVE References: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
Sources used:
openSUSE Leap 15.4 (src): go1.19-1.19.8-150000.1.26.1
Development Tools Module 15-SP4 (src): go1.19-1.19.8-150000.1.26.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): go1.19-1.19.8-150000.1.26.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): go1.19-1.19.8-150000.1.26.1
SUSE Linux Enterprise Real Time 15 SP3 (src): go1.19-1.19.8-150000.1.26.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): go1.19-1.19.8-150000.1.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): go1.19-1.19.8-150000.1.26.1
SUSE Enterprise Storage 7.1 (src): go1.19-1.19.8-150000.1.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1791-1: An update that solves four vulnerabilities, contains one feature and has one fix can now be installed.

Category: security (important)
Bug References: 1206346, 1210127, 1210128, 1210129, 1210130
CVE References: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
Jira References: PED-1962
Sources used:
openSUSE Leap 15.4 (src): go1.20-1.20.3-150000.1.8.1
Development Tools Module 15-SP4 (src): go1.20-1.20.3-150000.1.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2105-1: An update that solves seven vulnerabilities and has three fixes can now be installed.

Category: security (important)
Bug References: 1206346, 1210127, 1210128, 1210129, 1210130, 1210938, 1210963, 1211029, 1211030, 1211031
CVE References: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400
Sources used:
openSUSE Leap 15.4 (src): go1.20-1.20.4-150000.1.11.1
Development Tools Module 15-SP4 (src): go1.20-1.20.4-150000.1.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2127-1: An update that solves seven vulnerabilities, contains one feature and has four fixes can now be installed.

Category: security (important)
Bug References: 1200441, 1210127, 1210128, 1210129, 1210130, 1210938, 1210963, 1211029, 1211030, 1211031, 1211073
CVE References: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400
Jira References: PED-1962
Sources used:
openSUSE Leap 15.4 (src): go1.19-1.19.9-150000.1.31.1
Development Tools Module 15-SP4 (src): go1.19-1.19.9-150000.1.31.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): go1.19-1.19.9-150000.1.31.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): go1.19-1.19.9-150000.1.31.1
SUSE Linux Enterprise Real Time 15 SP3 (src): go1.19-1.19.9-150000.1.31.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): go1.19-1.19.9-150000.1.31.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): go1.19-1.19.9-150000.1.31.1
SUSE Enterprise Storage 7.1 (src): go1.19-1.19.9-150000.1.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2105-2: An update that solves seven vulnerabilities and has three fixes can now be installed.

Category: security (important)
Bug References: 1206346, 1210127, 1210128, 1210129, 1210130, 1210938, 1210963, 1211029, 1211030, 1211031
CVE References: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400
Sources used:
SUSE Linux Enterprise Real Time 15 SP3 (src): go1.20-1.20.4-150000.1.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing