It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-24791) It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34155) It was discovered that the Go encoding/gob module did not properly handle message decoding under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34156) It was discovered that the Go build module did not properly handle certain build tag lines with deeply nested expressions. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34158)
Continue reading...
Continue reading...
