INFSA-2025:3773: delve and golang security update
Information about definition
Identificator: INFSA-2025:3773
Type: security
Release date: 2025-04-29 14:20:35 UTC
Information about package
Go is a high-level general purpose programming language that is statically typed and compiled. It is known for the simplicity of its syntax and the efficiency of development that it enables by the inclusion of a large standard library supplying many needs for common projects. It was designed at Google.
Vulnerabilities description
- CVE-2024-34156
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-34156
|
no information | 7.5 | no information |
Updated packages