CVE-2023-24537
CVE Details
Visit the official vulnerability details page for CVE-2023-24537 to learn more.
Initial Publication
11/13/2024
Last Update
01/20/2025
Third Party Dependency
go
NIST CVE Summary
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
CVE Severity
Our Official Summary
This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.
Status
Ongoing
Affected Products & Versions
This CVE is non-impacting as the impacting symbol and/or function is not used in the product
Revision History
| Date | Revision |
|---|---|
| 01/20/2025 | Advisory is no longer impacting. |
| 01/20/2025 | Official summary revised: This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used. |
| 01/20/2025 | Impacted versions changed from 4.4.20 to 4.4.20, 4.5.20 |
| 12/13/2024 | Official summary revised: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.Exploiting this vulnerability in Palette deployments will require an external user to compromise the network controls and gain privileged access. There are controls in place which makes the exploitation difficult. |