CVE-2024-24789
MEDIUM 5.5
Description
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE details
CVSS v3.1 score: 5.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 6/5/2024
Last modified: 1/31/2025
Source: nvd
Honeypot observations: 0
Affected products
golang:go
References
http://www.openwall.com/lists/oss-security/2024/06/04/1 (security@golang.org)
https://go.dev/cl/585397 (security@golang.org)
https://go.dev/issue/66869 (security@golang.org)
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ (security@golang.org)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/ (security@golang.org)
https://pkg.go.dev/vuln/GO-2024-2888 (security@golang.org)
http://www.openwall.com/lists/oss-security/2024/06/04/1 (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/cl/585397 (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/issue/66869 (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/ (af854a3a-2127-422b-91ae-364da2661108)
https://pkg.go.dev/vuln/GO-2024-2888 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250131-0008/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.