{"id":"MGASA-2024-0376","summary":"Updated golang packages fix security vulnerabilities","details":"Calling any of the Parse functions on Go source code which contains\ndeeply nested literals can cause a panic due to stack exhaustion.\nCVE-2024-34155\nCalling Decoder.Decode on a message which contains deeply nested\nstructures can cause a panic due to stack exhaustion CVE-2024-34156\nCalling Parse on a \"// +build\" build tag line with deeply nested\nexpressions can cause a panic due to stack exhaustion.CVE-2024-34158\n","modified":"2026-02-02T00:08:16.701123Z","published":"2024-11-27T19:59:10Z","related":["CVE-2024-34155","CVE-2024-34156","CVE-2024-34158"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0376.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33526"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/09/05/1"}],"affected":[{"package":{"name":"golang","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/golang?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.22.9-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0376.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}