CVE-2024-34155: Stack exhaustion in all Parse functions in go/parser
Published Sep 6, 2024
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
Affected Software
4 affected components · Fixes available
debian/golang-1.15 <= 1.15.15-1~deb11u4
debian/golang-1.19 <= 1.19.8-2
debian/golang-1.23
1.23.8-1
IBM Concert Software <= 1.0.0-1.1.0
Event History
Sep 6, 2024
CVE Published, via MITRE · 08:42 PM
Data Sourced, via MITRE · 08:42 PM: Description, Weakness
Data Sourced, via NVD · 09:15 PM: Description, Severity
Data Sourced, via Red Hat · 09:20 PM: Description, Severity, Affected Software
Nov 22, 2024
Data Sourced, via Ubuntu · 03:01 PM: Remedy, Description, Severity, Affected Software
Aug 18, 2025
Data Sourced, via IBM · 12:00 AM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-34155?
CVE-2024-34155 has a severity that can lead to application crashes due to stack exhaustion.
2. How do I fix CVE-2024-34155?
To fix CVE-2024-34155, upgrade to golang-1.22 version 1.22.11-1 or golang-1.23 version 1.23.5-1.
3. What products are affected by CVE-2024-34155?
CVE-2024-34155 affects IBM Concert Software and multiple versions of Go, specifically golang-1.15, golang-1.19, golang-1.22, and golang-1.23.
4. Can CVE-2024-34155 cause security issues?
Yes, CVE-2024-34155 can lead to a denial of service due to application crashes under specific conditions.
5. How do I check if my software is vulnerable to CVE-2024-34155?
You can check if your software is vulnerable to CVE-2024-34155 by verifying if you are using the affected versions of Go and IBM Concert Software.