security: fix CVE-2024-45341 #71156

rolandshoemaker · 2025-01-07T18:36:42Z

This is a PRIVATE issue for CVE-2024-45341, tracked in http://b/379881511 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/1700.

/cc @golang/security and @golang/release

neild · 2025-01-09T23:27:57Z

@gopherbot please open backport issues for 1.22, 1.23, and 1.24

gopherbot · 2025-01-09T23:28:56Z

Backport issue(s) opened: #71207 (for 1.22), #71208 (for 1.23), #71209 (for 1.24).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

This was referenced Jan 7, 2025

x/vulndb: potential Go vuln in github.com/golang/glog: CVE-2024-45339 golang/vulndb#3372

Open

x/vulndb: potential Go vuln in <placeholder>: CVE-2024-45341 golang/vulndb#3373

Open

gabyhelp added the BugReport Issues describing a possible bug in the Go implementation. label Jan 7, 2025

prattmic added the NeedsFix The path to resolution is known, but the work has not been done. label Jan 8, 2025

dmitshur added the Security label Jan 8, 2025

gopherbot mentioned this issue Jan 9, 2025

security: fix CVE-2024-45341 [1.22 backport] #71207

Open

This was referenced Jan 9, 2025

security: fix CVE-2024-45341 [1.23 backport] #71208

Open

security: fix CVE-2024-45341 [1.24 backport] #71209

Open

gabyhelp mentioned this issue Jan 10, 2025

security: fix CVE-2025-22865 #71216

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security: fix CVE-2024-45341 #71156

security: fix CVE-2024-45341 #71156

rolandshoemaker commented Jan 7, 2025

neild commented Jan 9, 2025

gopherbot commented Jan 9, 2025

security: fix CVE-2024-45341 #71156

security: fix CVE-2024-45341 #71156

Comments

rolandshoemaker commented Jan 7, 2025

neild commented Jan 9, 2025

gopherbot commented Jan 9, 2025