CVE-2023-24537
CVE Details
Visit the official vulnerability details page for CVE-2023-24537 to learn more.
Initial Publication
11/13/2024
Last Update
12/13/2024
Third Party Dependency
go
NIST CVE Summary
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
CVE Severity
Our Official Summary
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.
Exploiting this vulnerability in Palette deployments will require an external user to compromise the network controls and gain privileged access. There are controls in place which makes the exploitation difficult.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.5.15 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.11 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.10 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.8 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.5 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.4 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 12/13/2024 | Official summary revised: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.Exploiting this vulnerability in Palette deployments will require an external user to compromise the network controls and gain privileged access. There are controls in place which makes the exploitation difficult. |