跳转到帖子

Amazon Linux 2023: CVE-2024-24784: Medium priority package update for golang

recommended_posts

发布于
  • Members

Amazon Linux 2023: CVE-2024-24784: Medium priority package update for golang

Severity
5
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
03/05/2024
Created
02/14/2025
Added
02/14/2025
Modified
02/14/2025

Description

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.

Solution(s)

  • amazon-linux-2023-upgrade-golang
  • amazon-linux-2023-upgrade-golang-bin
  • amazon-linux-2023-upgrade-golang-docs
  • amazon-linux-2023-upgrade-golang-misc
  • amazon-linux-2023-upgrade-golang-shared
  • amazon-linux-2023-upgrade-golang-src
  • amazon-linux-2023-upgrade-golang-tests

References

  • https://attackerkb.com/topics/cve-2024-24784
  • CVE - 2024-24784
  • https://alas.aws.amazon.com/AL2023/ALAS-2024-629.html
  • 查看数 706
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…