CVE-2023-24531

Related Files

Ubuntu Security Notice USN-7109-1

Posted Nov 14, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

tags | advisory, web, denial of service

systems | linux, ubuntu

advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531, CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290

SHA-256 | 58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80a

Download | Favorite | View

Ubuntu Security Notice USN-7061-1

Posted Oct 10, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

tags | advisory, arbitrary, javascript

systems | linux, ubuntu

advisories | CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39319, CVE-2023-39325, CVE-2024-24785

SHA-256 | 366aa6bc269ca28c4b992ad13527bd77d7968a9ad5dcd84915ed51954acbe4c1

Download | Favorite | View