CVE-2024-24789

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-24789

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24789.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-24789

Aliases

Downstream

BELL-CVE-2024-24789

DEBIAN-CVE-2024-24789

MINI-4vgg-2wgf-f84p

MINI-gcp7-fqg6-fp84

OESA-2024-1769

OESA-2024-1771

OESA-2024-1772

OESA-2024-1791

RHEA-2025:0507

RHSA-2024:3722

RHSA-2024:4212

RHSA-2024:4237

RHSA-2024:4867

RHSA-2024:5258

RHSA-2024:5291

RHSA-2024:9102

RHSA-2024:9115

RLSA-2024:4212

RLSA-2024:4237

RLSA-2024:5258

RLSA-2024:5291

RLSA-2024:9102

SUSE-SU-2024:1935-1

SUSE-SU-2024:1936-1

SUSE-SU-2024:1969-1

SUSE-SU-2024:1970-1

SUSE-SU-2024:3089-1

SUSE-SU-2024:3360-1

SUSE-SU-2024:3755-1

SUSE-SU-2024:3772-1

SUSE-SU-2024:3938-1

UBUNTU-CVE-2024-24789

USN-6886-1

USN-7109-1

USN-7111-1

openSUSE-SU-2024:14020-1

openSUSE-SU-2024:14023-1

openSUSE-SU-2024:14050-1

Related

Published

2024-06-05T16:15:10.470Z

Modified

2026-02-02T21:34:19.999755Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Fixed

48103d97a84d549b44bc4764df6958f73ba5ee02

Introduced

a10e42f219abb9c5bc4e7d86d9464700a42c7d57

Fixed

ace5bb40d027b718b67556afcd31bf54cff050ab

Affected versions

go1.*

go1.22.0

go1.22.1

go1.22.2

go1.22.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24789.json"