Skip to content

CVE-2024-45338 #563

New issue
New issue
Open
Open
CVE-2024-45338#563
@FrankAnk

Description

@FrankAnk
FrankAnk
opened on Dec 19, 2024

go-sqlcmd v1.8.2

Trivy scan reports Vulnerability CVE-2024-45338 in Package "golang.org/x/net" v0.26.0, this is fixed in version 0.33.0

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions