{"id":"GO-2024-3105","summary":"Stack exhaustion in all Parse functions in go/parser","details":"Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.","aliases":["BIT-golang-2024-34155","CVE-2024-34155"],"modified":"2026-02-24T16:29:04.364011Z","published":"2024-09-06T19:15:23Z","related":["CGA-xc4m-wx96-8cfw","RHSA-2024:6908","RHSA-2024:6913","RHSA-2024:8038","RHSA-2024:8039","RHSA-2024:8112","RHSA-2024:8232","RHSA-2024:8263","RHSA-2024:8428","RHSA-2024:8690","RHSA-2024:8694","RHSA-2024:8700","RHSA-2024:9454","RHSA-2024:9459"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3105","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://go.dev/cl/611238"},{"type":"REPORT","url":"https://go.dev/issue/69138"},{"type":"WEB","url":"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.22.7"},{"introduced":"1.23.0-0"},{"fixed":"1.23.1"}]}],"ecosystem_specific":{"imports":[{"symbols":["ParseDir","ParseExpr","ParseExprFrom","ParseFile","parser.parseLiteralValue"],"path":"go/parser"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3105.json"}}],"schema_version":"1.7.3"}