Go Vulnerability Database

• CVE-2024-24787
• Affects: cmd/go
• Published: May 08, 2024

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

• CVE-2024-24788
• Affects: net
• Published: May 07, 2024
• Modified: May 08, 2024

A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

• CVE-2024-32972, GHSA-4xc9-8hmq-j652
• Affects: github.com/ethereum/go-ethereum
• Published: May 08, 2024

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. This can result in a denial of service as the node runs out of memory.

• CVE-2024-34478, GHSA-3jgf-r68h-xfqm
• Affects: github.com/btcsuite/btcd
• Published: May 08, 2024

Incorrect implementation of the consensus rules outlined in BIP 68 and BIP 112 making btcd susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

• GHSA-x883-2vmg-xwf7
• Affects: github.com/authelia/authelia/v4
• Published: Apr 26, 2024

If the file authentication backend is being used, the ewatch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may be able to access resources that their previous groups had access to.