Home > Vulnerability Database > CVE-2024-24789

Mend.io Vulnerability Database

CVE-2024-24789

Good to know:

Date: June 5, 2024

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Language: Go

Severity Score

5.5

Related Resources (10)

Url: https://pkg.go.dev/vuln/GO-2024-2888

Url: https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7

Url: https://go.dev/cl/585397

Url: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ

Url: http://www.openwall.com/lists/oss-security/2024/06/04/1

Url: https://go.dev/issue/66869

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24789

Url: https://security-tracker.debian.org/tracker/CVE-2024-24789

Url: https://www.mend.io/vulnerability-database/CVE-2024-24789

Severity Score

5.5

Top Fix

Upgrade Version

Upgrade to version go1.21.11,go1.22.4

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24789

Good to know:

Date: June 5, 2024

Language: Go

Severity Score

Related Resources (10)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?