Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42415.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-42415
Upstream
Published
2024-06-05T16:15:10Z
Modified
2026-04-01T05:14:34.466261Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
CVE-2024-24789 affecting package msft-golang for versions less than 1.22.4-1
Details

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

References

Affected packages

Azure Linux:2 / msft-golang

Package

Name
msft-golang
Purl
pkg:rpm/azure-linux/msft-golang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.22.4-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42415.json"