{"id":"GO-2024-3106","summary":"Stack exhaustion in Decoder.Decode in encoding/gob","details":"Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.","aliases":["BIT-golang-2024-34156","CVE-2024-34156"],"modified":"2026-03-17T04:49:18.846484Z","published":"2024-09-06T19:15:23Z","related":["CGA-r689-g8v8-3x7q","CVE-2022-30635","RHEA-2024:4866","RHSA-2024:11216","RHSA-2024:11217","RHSA-2024:6908","RHSA-2024:6912","RHSA-2024:6913","RHSA-2024:6914","RHSA-2024:6946","RHSA-2024:6947","RHSA-2024:7102","RHSA-2024:7103","RHSA-2024:7135","RHSA-2024:7136","RHSA-2024:7202","RHSA-2024:7203","RHSA-2024:7204","RHSA-2024:7205","RHSA-2024:7206","RHSA-2024:7207","RHSA-2024:7208","RHSA-2024:7261","RHSA-2024:7262","RHSA-2024:7350","RHSA-2024:7351","RHSA-2024:7449","RHSA-2024:7455","RHSA-2024:7456","RHSA-2024:7485","RHSA-2024:7487","RHSA-2024:7488","RHSA-2024:7769","RHSA-2024:7791","RHSA-2024:7792","RHSA-2024:7793","RHSA-2024:7794","RHSA-2024:7818","RHSA-2024:7819","RHSA-2024:7820","RHSA-2024:7821","RHSA-2024:7822","RHSA-2024:7852","RHSA-2024:8038","RHSA-2024:8039","RHSA-2024:8110","RHSA-2024:8111","RHSA-2024:8112","RHSA-2024:8232","RHSA-2024:8263","RHSA-2024:8428","RHSA-2024:8690","RHSA-2024:8694","RHSA-2024:8700","RHSA-2024:9454","RHSA-2024:9456","RHSA-2024:9459","RHSA-2024:9472","RHSA-2024:9473","RHSA-2025:0203","RHSA-2025:1190","RHSA-2025:3773"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3106","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://go.dev/cl/611239"},{"type":"REPORT","url":"https://go.dev/issue/69139"},{"type":"WEB","url":"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.22.7"},{"introduced":"1.23.0-0"},{"fixed":"1.23.1"}]}],"ecosystem_specific":{"imports":[{"symbols":["Decoder.Decode","Decoder.DecodeValue","Decoder.decIgnoreOpFor"],"path":"encoding/gob"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3106.json"}}],"schema_version":"1.7.5","credits":[{"name":"Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"}]}