Search for vulnerabilities
Vulnerability details: VCID-5jrc-kwjy-c7da
Vulnerability ID VCID-5jrc-kwjy-c7da
Aliases CVE-2024-45338
GHSA-w32m-9786-jp63
Summary An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-405 Asymmetric Resource Consumption (Amplification)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45338.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2024-45338
generic_textual HIGH https://cs.opensource.google/go/x/net
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual HIGH https://github.com/golang/go/issues/70906
cvssv3.1 5.3 https://go.dev/cl/637536
generic_textual HIGH https://go.dev/cl/637536
ssvc Track https://go.dev/cl/637536
cvssv3.1 5.3 https://go.dev/issue/70906
generic_textual HIGH https://go.dev/issue/70906
ssvc Track https://go.dev/issue/70906
cvssv3.1 5.3 https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
generic_textual HIGH https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
ssvc Track https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-45338
cvssv3.1 5.3 https://pkg.go.dev/vuln/GO-2024-3333
generic_textual HIGH https://pkg.go.dev/vuln/GO-2024-3333
ssvc Track https://pkg.go.dev/vuln/GO-2024-3333
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45338.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45338
https://cs.opensource.google/go/x/net
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45338
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/golang/go/issues/70906
https://go.dev/cl/637536
https://go.dev/issue/70906
https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
https://pkg.go.dev/vuln/GO-2024-3333
https://security.netapp.com/advisory/ntap-20250221-0001/
1091168 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091168
2333122 https://bugzilla.redhat.com/show_bug.cgi?id=2333122
CVE-2024-45338 https://nvd.nist.gov/vuln/detail/CVE-2024-45338
RHSA-2024:11037 https://access.redhat.com/errata/RHSA-2024:11037
RHSA-2024:11038 https://access.redhat.com/errata/RHSA-2024:11038
RHSA-2024:6122 https://access.redhat.com/errata/RHSA-2024:6122
RHSA-2025:0048 https://access.redhat.com/errata/RHSA-2025:0048
RHSA-2025:0115 https://access.redhat.com/errata/RHSA-2025:0115
RHSA-2025:0121 https://access.redhat.com/errata/RHSA-2025:0121
RHSA-2025:0140 https://access.redhat.com/errata/RHSA-2025:0140
RHSA-2025:0224 https://access.redhat.com/errata/RHSA-2025:0224
RHSA-2025:0364 https://access.redhat.com/errata/RHSA-2025:0364
RHSA-2025:0370 https://access.redhat.com/errata/RHSA-2025:0370
RHSA-2025:0384 https://access.redhat.com/errata/RHSA-2025:0384
RHSA-2025:0385 https://access.redhat.com/errata/RHSA-2025:0385
RHSA-2025:0386 https://access.redhat.com/errata/RHSA-2025:0386
RHSA-2025:0390 https://access.redhat.com/errata/RHSA-2025:0390
RHSA-2025:0444 https://access.redhat.com/errata/RHSA-2025:0444
RHSA-2025:0445 https://access.redhat.com/errata/RHSA-2025:0445
RHSA-2025:0485 https://access.redhat.com/errata/RHSA-2025:0485
RHSA-2025:0522 https://access.redhat.com/errata/RHSA-2025:0522
RHSA-2025:0535 https://access.redhat.com/errata/RHSA-2025:0535
RHSA-2025:0536 https://access.redhat.com/errata/RHSA-2025:0536
RHSA-2025:0552 https://access.redhat.com/errata/RHSA-2025:0552
RHSA-2025:0560 https://access.redhat.com/errata/RHSA-2025:0560
RHSA-2025:0576 https://access.redhat.com/errata/RHSA-2025:0576
RHSA-2025:0577 https://access.redhat.com/errata/RHSA-2025:0577
RHSA-2025:0645 https://access.redhat.com/errata/RHSA-2025:0645
RHSA-2025:0646 https://access.redhat.com/errata/RHSA-2025:0646
RHSA-2025:0649 https://access.redhat.com/errata/RHSA-2025:0649
RHSA-2025:0650 https://access.redhat.com/errata/RHSA-2025:0650
RHSA-2025:0653 https://access.redhat.com/errata/RHSA-2025:0653
RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654
RHSA-2025:0678 https://access.redhat.com/errata/RHSA-2025:0678
RHSA-2025:0679 https://access.redhat.com/errata/RHSA-2025:0679
RHSA-2025:0715 https://access.redhat.com/errata/RHSA-2025:0715
RHSA-2025:0754 https://access.redhat.com/errata/RHSA-2025:0754
RHSA-2025:0775 https://access.redhat.com/errata/RHSA-2025:0775
RHSA-2025:0778 https://access.redhat.com/errata/RHSA-2025:0778
RHSA-2025:0783 https://access.redhat.com/errata/RHSA-2025:0783
RHSA-2025:0785 https://access.redhat.com/errata/RHSA-2025:0785
RHSA-2025:0821 https://access.redhat.com/errata/RHSA-2025:0821
RHSA-2025:0827 https://access.redhat.com/errata/RHSA-2025:0827
RHSA-2025:0831 https://access.redhat.com/errata/RHSA-2025:0831
RHSA-2025:0832 https://access.redhat.com/errata/RHSA-2025:0832
RHSA-2025:0839 https://access.redhat.com/errata/RHSA-2025:0839
RHSA-2025:0840 https://access.redhat.com/errata/RHSA-2025:0840
RHSA-2025:0851 https://access.redhat.com/errata/RHSA-2025:0851
RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875
RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892
RHSA-2025:0905 https://access.redhat.com/errata/RHSA-2025:0905
RHSA-2025:0907 https://access.redhat.com/errata/RHSA-2025:0907
RHSA-2025:1013 https://access.redhat.com/errata/RHSA-2025:1013
RHSA-2025:1050 https://access.redhat.com/errata/RHSA-2025:1050
RHSA-2025:1051 https://access.redhat.com/errata/RHSA-2025:1051
RHSA-2025:1053 https://access.redhat.com/errata/RHSA-2025:1053
RHSA-2025:1115 https://access.redhat.com/errata/RHSA-2025:1115
RHSA-2025:1116 https://access.redhat.com/errata/RHSA-2025:1116
RHSA-2025:1119 https://access.redhat.com/errata/RHSA-2025:1119
RHSA-2025:1120 https://access.redhat.com/errata/RHSA-2025:1120
RHSA-2025:1123 https://access.redhat.com/errata/RHSA-2025:1123
RHSA-2025:1128 https://access.redhat.com/errata/RHSA-2025:1128
RHSA-2025:1289 https://access.redhat.com/errata/RHSA-2025:1289
RHSA-2025:1324 https://access.redhat.com/errata/RHSA-2025:1324
RHSA-2025:1331 https://access.redhat.com/errata/RHSA-2025:1331
RHSA-2025:1332 https://access.redhat.com/errata/RHSA-2025:1332
RHSA-2025:1333 https://access.redhat.com/errata/RHSA-2025:1333
RHSA-2025:1334 https://access.redhat.com/errata/RHSA-2025:1334
RHSA-2025:1386 https://access.redhat.com/errata/RHSA-2025:1386
RHSA-2025:1448 https://access.redhat.com/errata/RHSA-2025:1448
RHSA-2025:1450 https://access.redhat.com/errata/RHSA-2025:1450
RHSA-2025:1451 https://access.redhat.com/errata/RHSA-2025:1451
RHSA-2025:1468 https://access.redhat.com/errata/RHSA-2025:1468
RHSA-2025:1609 https://access.redhat.com/errata/RHSA-2025:1609
RHSA-2025:1710 https://access.redhat.com/errata/RHSA-2025:1710
RHSA-2025:1711 https://access.redhat.com/errata/RHSA-2025:1711
RHSA-2025:1824 https://access.redhat.com/errata/RHSA-2025:1824
RHSA-2025:1829 https://access.redhat.com/errata/RHSA-2025:1829
RHSA-2025:1838 https://access.redhat.com/errata/RHSA-2025:1838
RHSA-2025:1841 https://access.redhat.com/errata/RHSA-2025:1841
RHSA-2025:1853 https://access.redhat.com/errata/RHSA-2025:1853
RHSA-2025:1865 https://access.redhat.com/errata/RHSA-2025:1865
RHSA-2025:1866 https://access.redhat.com/errata/RHSA-2025:1866
RHSA-2025:2415 https://access.redhat.com/errata/RHSA-2025:2415
RHSA-2025:2440 https://access.redhat.com/errata/RHSA-2025:2440
RHSA-2025:2441 https://access.redhat.com/errata/RHSA-2025:2441
RHSA-2025:2449 https://access.redhat.com/errata/RHSA-2025:2449
RHSA-2025:2588 https://access.redhat.com/errata/RHSA-2025:2588
RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652
RHSA-2025:2658 https://access.redhat.com/errata/RHSA-2025:2658
RHSA-2025:2700 https://access.redhat.com/errata/RHSA-2025:2700
RHSA-2025:2701 https://access.redhat.com/errata/RHSA-2025:2701
RHSA-2025:2710 https://access.redhat.com/errata/RHSA-2025:2710
RHSA-2025:2903 https://access.redhat.com/errata/RHSA-2025:2903
RHSA-2025:2933 https://access.redhat.com/errata/RHSA-2025:2933
RHSA-2025:3069 https://access.redhat.com/errata/RHSA-2025:3069
RHSA-2025:3131 https://access.redhat.com/errata/RHSA-2025:3131
RHSA-2025:3132 https://access.redhat.com/errata/RHSA-2025:3132
RHSA-2025:3368 https://access.redhat.com/errata/RHSA-2025:3368
RHSA-2025:3374 https://access.redhat.com/errata/RHSA-2025:3374
RHSA-2025:3397 https://access.redhat.com/errata/RHSA-2025:3397
RHSA-2025:3500 https://access.redhat.com/errata/RHSA-2025:3500
RHSA-2025:3502 https://access.redhat.com/errata/RHSA-2025:3502
RHSA-2025:3542 https://access.redhat.com/errata/RHSA-2025:3542
RHSA-2025:3560 https://access.redhat.com/errata/RHSA-2025:3560
RHSA-2025:3573 https://access.redhat.com/errata/RHSA-2025:3573
RHSA-2025:3973 https://access.redhat.com/errata/RHSA-2025:3973
RHSA-2025:4007 https://access.redhat.com/errata/RHSA-2025:4007
RHSA-2025:7449 https://access.redhat.com/errata/RHSA-2025:7449
RHSA-2025:7451 https://access.redhat.com/errata/RHSA-2025:7451
RHSA-2025:8059 https://access.redhat.com/errata/RHSA-2025:8059
RHSA-2025:8301 https://access.redhat.com/errata/RHSA-2025:8301
RHSA-2025:8510 https://access.redhat.com/errata/RHSA-2025:8510
RHSA-2025:9136 https://access.redhat.com/errata/RHSA-2025:9136
RHSA-2025:9340 https://access.redhat.com/errata/RHSA-2025:9340
RHSA-2025:9646 https://access.redhat.com/errata/RHSA-2025:9646
USN-7197-1 https://usn.ubuntu.com/7197-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45338.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://go.dev/cl/637536
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T19:51:42Z/ Found at https://go.dev/cl/637536
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://go.dev/issue/70906
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T19:51:42Z/ Found at https://go.dev/issue/70906
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T19:51:42Z/ Found at https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://pkg.go.dev/vuln/GO-2024-3333
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T19:51:42Z/ Found at https://pkg.go.dev/vuln/GO-2024-3333
Exploit Prediction Scoring System (EPSS)
Percentile 0.17315
EPSS Score 0.00045
Published At Dec. 19, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-12-20T02:35:15.764079+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-45338 35.0.0