Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for net by Go standard library

    CVE-2026-39836 (GCVE-0-2026-39836)

    Vulnerability from nvd – Published: 2026-05-07 19:41 – Updated: 2026-05-08 21:30
    VLAI
    Title
    Panic in Dial and LookupPort when handling NUL byte on Windows in net
    Summary
    The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library net Affected: 0 , < 1.25.10 (semver)
    Affected: 1.26.0-0 , < 1.26.3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T16:36:25.079035Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:30:15.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net",
              "product": "net",
              "programRoutines": [
                {
                  "name": "Resolver.lookupPort"
                },
                {
                  "name": "Resolver.lookupAddr"
                },
                {
                  "name": "Resolver.lookupTXT"
                },
                {
                  "name": "Resolver.lookupNS"
                },
                {
                  "name": "Resolver.lookupMX"
                },
                {
                  "name": "Resolver.lookupSRV"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialTimeout"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "Listen"
                },
                {
                  "name": "ListenConfig.Listen"
                },
                {
                  "name": "ListenConfig.ListenPacket"
                },
                {
                  "name": "ListenPacket"
                },
                {
                  "name": "LookupAddr"
                },
                {
                  "name": "LookupCNAME"
                },
                {
                  "name": "LookupHost"
                },
                {
                  "name": "LookupIP"
                },
                {
                  "name": "LookupMX"
                },
                {
                  "name": "LookupNS"
                },
                {
                  "name": "LookupPort"
                },
                {
                  "name": "LookupSRV"
                },
                {
                  "name": "LookupTXT"
                },
                {
                  "name": "ResolveIPAddr"
                },
                {
                  "name": "ResolveTCPAddr"
                },
                {
                  "name": "ResolveUDPAddr"
                },
                {
                  "name": "Resolver.LookupAddr"
                },
                {
                  "name": "Resolver.LookupCNAME"
                },
                {
                  "name": "Resolver.LookupHost"
                },
                {
                  "name": "Resolver.LookupIP"
                },
                {
                  "name": "Resolver.LookupIPAddr"
                },
                {
                  "name": "Resolver.LookupMX"
                },
                {
                  "name": "Resolver.LookupNS"
                },
                {
                  "name": "Resolver.LookupNetIP"
                },
                {
                  "name": "Resolver.LookupPort"
                },
                {
                  "name": "Resolver.LookupSRV"
                },
                {
                  "name": "Resolver.LookupTXT"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.3",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:41:18.300Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/79006"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
            },
            {
              "url": "https://go.dev/cl/775320"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4971"
            }
          ],
          "title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-39836",
        "datePublished": "2026-05-07T19:41:18.300Z",
        "dateReserved": "2026-04-07T18:13:03.529Z",
        "dateUpdated": "2026-05-08T21:30:15.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33811 (GCVE-0-2026-33811)

    Vulnerability from nvd – Published: 2026-05-07 19:41 – Updated: 2026-07-01 12:05
    VLAI
    Title
    Crash when handling long CNAME response in net
    Summary
    When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-415 - Double Free
    • CWE-1341 - Multiple Releases of Same Resource or Handle
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library net Affected: 0 , < 1.25.10 (semver)
    Affected: 1.26.0-0 , < 1.26.3 (semver)
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.0     cpe:/a:redhat:service_mesh:3.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.1     cpe:/a:redhat:service_mesh:3.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.2     cpe:/a:redhat:service_mesh:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.3     cpe:/a:redhat:service_mesh:3.3::el9
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Create a notification for this product.
    Red Hat Compliance Operator     cpe:/a:redhat:openshift_compliance_operator:1
    Create a notification for this product.
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Create a notification for this product.
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Create a notification for this product.
    Red Hat Custom Metric Autoscaler operator for Red Hat Openshift     cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
    Create a notification for this product.
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Create a notification for this product.
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Create a notification for this product.
    Red Hat Fence Agents Remediation Operator     cpe:/a:redhat:workload_availability_far:0
    Create a notification for this product.
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:6
    Create a notification for this product.
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2     cpe:/a:redhat:mirror_registry:2
    Create a notification for this product.
    Red Hat Multiarch Tuning Operator     cpe:/a:redhat:multiarch_tuning_operator
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat Node HealthCheck Operator     cpe:/a:redhat:workload_availability_nhc:0
    Create a notification for this product.
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Source-to-Image (S2I)     cpe:/a:redhat:source_to_image:1
    Create a notification for this product.
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat Lightspeed for Runtimes Operator     cpe:/a:redhat:lightspeed_for_runtimes:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Workspaces Operator     cpe:/a:redhat:devworkspace
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3     cpe:/a:redhat:openshift_distributed_tracing:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 2     cpe:/a:redhat:service_interconnect:2
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Red Hat Web Terminal     cpe:/a:redhat:webterminal:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Create a notification for this product.
    Red Hat streams for Apache Kafka 3     cpe:/a:redhat:amq_streams:3
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat AMQ Clients     cpe:/a:redhat:amq_clients:2023
    Create a notification for this product.
    Credits
    hamayanhamayan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:25:39.702568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T14:25:43.896Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "affected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Compliance Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "affected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
                ],
                "defaultStatus": "affected",
                "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_far:0"
                ],
                "defaultStatus": "affected",
                "product": "Fence Agents Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "affected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multiarch_tuning_operator"
                ],
                "defaultStatus": "affected",
                "product": "Multiarch Tuning Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_nhc:0"
                ],
                "defaultStatus": "affected",
                "product": "Node HealthCheck Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:source_to_image:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Source-to-Image (S2I)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "affected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:5"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed for Runtimes Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Workspaces Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_service_on_aws:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift on AWS",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Service Interconnect 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "affected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:3"
                ],
                "defaultStatus": "affected",
                "product": "streams for Apache Kafka 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_clients:2023"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat AMQ Clients",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-07T19:41:19.285Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1341",
                    "description": "Multiple Releases of Same Resource or Handle",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:11.545Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-33811"
              },
              {
                "name": "RHBZ#2467822",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33574"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23262"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23264"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33120"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33123"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33142"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33150"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23262: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23264: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-07T20:01:34.913Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-07T19:41:19.285Z",
                "value": "Made public."
              }
            ],
            "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net",
              "product": "net",
              "programRoutines": [
                {
                  "name": "cgoResSearch"
                },
                {
                  "name": "LookupCNAME"
                },
                {
                  "name": "Resolver.LookupCNAME"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.3",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "hamayanhamayan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-415: Double Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:41:19.285Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/78803"
            },
            {
              "url": "https://go.dev/cl/767860"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4981"
            }
          ],
          "title": "Crash when handling long CNAME response in net"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-33811",
        "datePublished": "2026-05-07T19:41:19.285Z",
        "dateReserved": "2026-03-23T20:35:32.814Z",
        "dateUpdated": "2026-07-01T12:05:11.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-24788 (GCVE-0-2024-24788)

    Vulnerability from nvd – Published: 2024-05-08 15:31 – Updated: 2025-02-13 17:40
    VLAI
    Title
    Malformed DNS message can cause infinite loop in net
    Summary
    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE 400: Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library net Affected: 1.22.0-0 , < 1.22.3 (semver)
    Create a notification for this product.
    Credits
    @long-name-let-people-remember-you Mateusz Poliwczak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:38:26.198197Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-835",
                    "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T15:42:56.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:12.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/66754"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/578375"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2024-2824"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net",
              "product": "net",
              "programRoutines": [
                {
                  "name": "extractExtendedRCode"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialTimeout"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "Listen"
                },
                {
                  "name": "ListenConfig.Listen"
                },
                {
                  "name": "ListenConfig.ListenPacket"
                },
                {
                  "name": "ListenPacket"
                },
                {
                  "name": "LookupAddr"
                },
                {
                  "name": "LookupCNAME"
                },
                {
                  "name": "LookupHost"
                },
                {
                  "name": "LookupIP"
                },
                {
                  "name": "LookupMX"
                },
                {
                  "name": "LookupNS"
                },
                {
                  "name": "LookupSRV"
                },
                {
                  "name": "LookupTXT"
                },
                {
                  "name": "ResolveIPAddr"
                },
                {
                  "name": "ResolveTCPAddr"
                },
                {
                  "name": "ResolveUDPAddr"
                },
                {
                  "name": "Resolver.LookupAddr"
                },
                {
                  "name": "Resolver.LookupCNAME"
                },
                {
                  "name": "Resolver.LookupHost"
                },
                {
                  "name": "Resolver.LookupIP"
                },
                {
                  "name": "Resolver.LookupIPAddr"
                },
                {
                  "name": "Resolver.LookupMX"
                },
                {
                  "name": "Resolver.LookupNS"
                },
                {
                  "name": "Resolver.LookupNetIP"
                },
                {
                  "name": "Resolver.LookupSRV"
                },
                {
                  "name": "Resolver.LookupTXT"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.22.3",
                  "status": "affected",
                  "version": "1.22.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "@long-name-let-people-remember-you"
            },
            {
              "lang": "en",
              "value": "Mateusz Poliwczak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T13:06:06.195Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/66754"
            },
            {
              "url": "https://go.dev/cl/578375"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2024-2824"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"
            }
          ],
          "title": "Malformed DNS message can cause infinite loop in net"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2024-24788",
        "datePublished": "2024-05-08T15:31:11.619Z",
        "dateReserved": "2024-01-30T16:05:14.758Z",
        "dateUpdated": "2025-02-13T17:40:27.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-33811 (GCVE-0-2026-33811)

    Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-07-01 12:05
    VLAI
    Title
    Crash when handling long CNAME response in net
    Summary
    When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-415 - Double Free
    • CWE-1341 - Multiple Releases of Same Resource or Handle
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library net Affected: 0 , < 1.25.10 (semver)
    Affected: 1.26.0-0 , < 1.26.3 (semver)
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.0     cpe:/a:redhat:service_mesh:3.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.1     cpe:/a:redhat:service_mesh:3.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.2     cpe:/a:redhat:service_mesh:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.3     cpe:/a:redhat:service_mesh:3.3::el9
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Create a notification for this product.
    Red Hat Compliance Operator     cpe:/a:redhat:openshift_compliance_operator:1
    Create a notification for this product.
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Create a notification for this product.
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Create a notification for this product.
    Red Hat Custom Metric Autoscaler operator for Red Hat Openshift     cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
    Create a notification for this product.
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Create a notification for this product.
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Create a notification for this product.
    Red Hat Fence Agents Remediation Operator     cpe:/a:redhat:workload_availability_far:0
    Create a notification for this product.
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:6
    Create a notification for this product.
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift     cpe:/a:redhat:mirror_registry:1
    Create a notification for this product.
    Red Hat mirror registry for Red Hat OpenShift 2     cpe:/a:redhat:mirror_registry:2
    Create a notification for this product.
    Red Hat Multiarch Tuning Operator     cpe:/a:redhat:multiarch_tuning_operator
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat Node HealthCheck Operator     cpe:/a:redhat:workload_availability_nhc:0
    Create a notification for this product.
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Source-to-Image (S2I)     cpe:/a:redhat:source_to_image:1
    Create a notification for this product.
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat Lightspeed for Runtimes Operator     cpe:/a:redhat:lightspeed_for_runtimes:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Workspaces Operator     cpe:/a:redhat:devworkspace
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3     cpe:/a:redhat:openshift_distributed_tracing:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 2     cpe:/a:redhat:service_interconnect:2
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Red Hat Web Terminal     cpe:/a:redhat:webterminal:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Create a notification for this product.
    Red Hat streams for Apache Kafka 3     cpe:/a:redhat:amq_streams:3
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat AMQ Clients     cpe:/a:redhat:amq_clients:2023
    Create a notification for this product.
    Credits
    hamayanhamayan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:25:39.702568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T14:25:43.896Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "affected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Compliance Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "affected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
                ],
                "defaultStatus": "affected",
                "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_far:0"
                ],
                "defaultStatus": "affected",
                "product": "Fence Agents Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "affected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:1"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:mirror_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "mirror registry for Red Hat OpenShift 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multiarch_tuning_operator"
                ],
                "defaultStatus": "affected",
                "product": "Multiarch Tuning Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_nhc:0"
                ],
                "defaultStatus": "affected",
                "product": "Node HealthCheck Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:source_to_image:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Source-to-Image (S2I)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "affected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:5"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed for Runtimes Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Workspaces Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_service_on_aws:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift on AWS",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Service Interconnect 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "affected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:3"
                ],
                "defaultStatus": "affected",
                "product": "streams for Apache Kafka 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_clients:2023"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat AMQ Clients",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-07T19:41:19.285Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1341",
                    "description": "Multiple Releases of Same Resource or Handle",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:11.545Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-33811"
              },
              {
                "name": "RHBZ#2467822",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33574"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23262"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23264"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33120"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33123"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33142"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33150"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23262: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23264: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-07T20:01:34.913Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-07T19:41:19.285Z",
                "value": "Made public."
              }
            ],
            "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net",
              "product": "net",
              "programRoutines": [
                {
                  "name": "cgoResSearch"
                },
                {
                  "name": "LookupCNAME"
                },
                {
                  "name": "Resolver.LookupCNAME"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.3",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "hamayanhamayan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-415: Double Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:41:19.285Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/78803"
            },
            {
              "url": "https://go.dev/cl/767860"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4981"
            }
          ],
          "title": "Crash when handling long CNAME response in net"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-33811",
        "datePublished": "2026-05-07T19:41:19.285Z",
        "dateReserved": "2026-03-23T20:35:32.814Z",
        "dateUpdated": "2026-07-01T12:05:11.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39836 (GCVE-0-2026-39836)

    Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-05-08 21:30
    VLAI
    Title
    Panic in Dial and LookupPort when handling NUL byte on Windows in net
    Summary
    The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library net Affected: 0 , < 1.25.10 (semver)
    Affected: 1.26.0-0 , < 1.26.3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T16:36:25.079035Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:30:15.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net",
              "product": "net",
              "programRoutines": [
                {
                  "name": "Resolver.lookupPort"
                },
                {
                  "name": "Resolver.lookupAddr"
                },
                {
                  "name": "Resolver.lookupTXT"
                },
                {
                  "name": "Resolver.lookupNS"
                },
                {
                  "name": "Resolver.lookupMX"
                },
                {
                  "name": "Resolver.lookupSRV"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialTimeout"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "Listen"
                },
                {
                  "name": "ListenConfig.Listen"
                },
                {
                  "name": "ListenConfig.ListenPacket"
                },
                {
                  "name": "ListenPacket"
                },
                {
                  "name": "LookupAddr"
                },
                {
                  "name": "LookupCNAME"
                },
                {
                  "name": "LookupHost"
                },
                {
                  "name": "LookupIP"
                },
                {
                  "name": "LookupMX"
                },
                {
                  "name": "LookupNS"
                },
                {
                  "name": "LookupPort"
                },
                {
                  "name": "LookupSRV"
                },
                {
                  "name": "LookupTXT"
                },
                {
                  "name": "ResolveIPAddr"
                },
                {
                  "name": "ResolveTCPAddr"
                },
                {
                  "name": "ResolveUDPAddr"
                },
                {
                  "name": "Resolver.LookupAddr"
                },
                {
                  "name": "Resolver.LookupCNAME"
                },
                {
                  "name": "Resolver.LookupHost"
                },
                {
                  "name": "Resolver.LookupIP"
                },
                {
                  "name": "Resolver.LookupIPAddr"
                },
                {
                  "name": "Resolver.LookupMX"
                },
                {
                  "name": "Resolver.LookupNS"
                },
                {
                  "name": "Resolver.LookupNetIP"
                },
                {
                  "name": "Resolver.LookupPort"
                },
                {
                  "name": "Resolver.LookupSRV"
                },
                {
                  "name": "Resolver.LookupTXT"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.25.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.3",
                  "status": "affected",
                  "version": "1.26.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:41:18.300Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/79006"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
            },
            {
              "url": "https://go.dev/cl/775320"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-4971"
            }
          ],
          "title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-39836",
        "datePublished": "2026-05-07T19:41:18.300Z",
        "dateReserved": "2026-04-07T18:13:03.529Z",
        "dateUpdated": "2026-05-08T21:30:15.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-24788 (GCVE-0-2024-24788)

    Vulnerability from cvelistv5 – Published: 2024-05-08 15:31 – Updated: 2025-02-13 17:40
    VLAI
    Title
    Malformed DNS message can cause infinite loop in net
    Summary
    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE 400: Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Go
    Impacted products
    Vendor Product Version
    Go standard library net Affected: 1.22.0-0 , < 1.22.3 (semver)
    Create a notification for this product.
    Credits
    @long-name-let-people-remember-you Mateusz Poliwczak
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:38:26.198197Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-835",
                    "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T15:42:56.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:12.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/issue/66754"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://go.dev/cl/578375"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2024-2824"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "net",
              "product": "net",
              "programRoutines": [
                {
                  "name": "extractExtendedRCode"
                },
                {
                  "name": "Dial"
                },
                {
                  "name": "DialTimeout"
                },
                {
                  "name": "Dialer.Dial"
                },
                {
                  "name": "Dialer.DialContext"
                },
                {
                  "name": "Listen"
                },
                {
                  "name": "ListenConfig.Listen"
                },
                {
                  "name": "ListenConfig.ListenPacket"
                },
                {
                  "name": "ListenPacket"
                },
                {
                  "name": "LookupAddr"
                },
                {
                  "name": "LookupCNAME"
                },
                {
                  "name": "LookupHost"
                },
                {
                  "name": "LookupIP"
                },
                {
                  "name": "LookupMX"
                },
                {
                  "name": "LookupNS"
                },
                {
                  "name": "LookupSRV"
                },
                {
                  "name": "LookupTXT"
                },
                {
                  "name": "ResolveIPAddr"
                },
                {
                  "name": "ResolveTCPAddr"
                },
                {
                  "name": "ResolveUDPAddr"
                },
                {
                  "name": "Resolver.LookupAddr"
                },
                {
                  "name": "Resolver.LookupCNAME"
                },
                {
                  "name": "Resolver.LookupHost"
                },
                {
                  "name": "Resolver.LookupIP"
                },
                {
                  "name": "Resolver.LookupIPAddr"
                },
                {
                  "name": "Resolver.LookupMX"
                },
                {
                  "name": "Resolver.LookupNS"
                },
                {
                  "name": "Resolver.LookupNetIP"
                },
                {
                  "name": "Resolver.LookupSRV"
                },
                {
                  "name": "Resolver.LookupTXT"
                }
              ],
              "vendor": "Go standard library",
              "versions": [
                {
                  "lessThan": "1.22.3",
                  "status": "affected",
                  "version": "1.22.0-0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "@long-name-let-people-remember-you"
            },
            {
              "lang": "en",
              "value": "Mateusz Poliwczak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 400: Uncontrolled Resource Consumption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T13:06:06.195Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/issue/66754"
            },
            {
              "url": "https://go.dev/cl/578375"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2024-2824"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240605-0002/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240614-0001/"
            }
          ],
          "title": "Malformed DNS message can cause infinite loop in net"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2024-24788",
        "datePublished": "2024-05-08T15:31:11.619Z",
        "dateReserved": "2024-01-30T16:05:14.758Z",
        "dateUpdated": "2025-02-13T17:40:27.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }