Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Published

2024-06-05T16:15:10.470

Last Modified

2025-01-31T15:15:12.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	golang	go	< 1.21.11	Yes
Application	golang	go	< 1.22.4	Yes

References

http://www.openwall.com/lists/oss-security/2024/06/04/1 Mailing List ([email protected])
https://go.dev/cl/585397 Patch ([email protected])
https://go.dev/issue/66869 Issue Tracking, Patch ([email protected])
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/ ([email protected])
https://pkg.go.dev/vuln/GO-2024-2888 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/06/04/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/cl/585397 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/issue/66869 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/ (af854a3a-2127-422b-91ae-364da2661108)
https://pkg.go.dev/vuln/GO-2024-2888 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250131-0008/ (af854a3a-2127-422b-91ae-364da2661108)