GO-2023-1702

Source
https://pkg.go.dev/vuln/GO-2023-1702
Import Source
https://vuln.go.dev/ID/GO-2023-1702.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1702
Aliases
Published
2023-04-05T21:05:07Z
Modified
2024-09-11T06:13:29.214872Z
Summary
Infinite loop in parsing in go/scanner
Details

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

References
Credits
    • Philippe Antoine (Catena cyber)

Affected packages

Go / stdlib

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.8
Introduced
1.20.0-0
Fixed
1.20.3

Ecosystem specific

{
    "imports": [
        {
            "path": "go/scanner",
            "symbols": [
                "Scanner.Scan",
                "Scanner.updateLineInfo"
            ]
        }
    ]
}