{"id":"GO-2024-2824","summary":"Malformed DNS message can cause infinite loop in net","details":"A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.","aliases":["BIT-golang-2024-24788","CVE-2024-24788"],"modified":"2026-03-17T04:49:11.510383Z","published":"2024-05-07T22:33:51Z","related":["CGA-xrpf-g8fm-8m6m","RHBA-2024:3840","RHEA-2024:7866","RHEA-2025:0507","RHSA-2024:4616","RHSA-2024:5291","RHSA-2024:6765","RHSA-2024:6969","RHSA-2024:9089","RHSA-2024:9098","RHSA-2024:9115","RHSA-2024:9135","RHSA-2024:9200","RHSA-2024:9277","RHSA-2025:7256"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-2824"},"references":[{"type":"REPORT","url":"https://go.dev/issue/66754"},{"type":"FIX","url":"https://go.dev/cl/578375"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.22.0-0"},{"fixed":"1.22.3"}]}],"ecosystem_specific":{"imports":[{"symbols":["Dial","DialTimeout","Dialer.Dial","Dialer.DialContext","Listen","ListenConfig.Listen","ListenConfig.ListenPacket","ListenPacket","LookupAddr","LookupCNAME","LookupHost","LookupIP","LookupMX","LookupNS","LookupSRV","LookupTXT","ResolveIPAddr","ResolveTCPAddr","ResolveUDPAddr","Resolver.LookupAddr","Resolver.LookupCNAME","Resolver.LookupHost","Resolver.LookupIP","Resolver.LookupIPAddr","Resolver.LookupMX","Resolver.LookupNS","Resolver.LookupNetIP","Resolver.LookupSRV","Resolver.LookupTXT","extractExtendedRCode"],"path":"net"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2824.json"}}],"schema_version":"1.7.5","credits":[{"name":"@long-name-let-people-remember-you"},{"name":"Mateusz Poliwczak"}]}