{"id":"USN-7197-1","summary":"golang-golang-x-net vulnerability","details":"Guido Vranken discovered that Go Networking handled input to the Parse\nfunctions inefficiently. An attacker could possibly use this issue to\ncause denial of service. This update addresses the issue in the\ngolang-golang-x-net and golang-golang-x-net-dev packages, as well as the\nlibrary vendored within adsys and juju-core.\n","modified":"2026-04-27T17:35:18.959473Z","published":"2025-01-09T16:31:08Z","related":["UBUNTU-CVE-2024-45338"],"upstream":["CVE-2024-45338","UBUNTU-CVE-2024-45338"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7197-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45338"}],"affected":[{"package":{"name":"golang-golang-x-net-dev","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"}]}],"versions":["0.0+git20150226.3d87fd6-3","0.0+git20151007.b846920+dfsg-1","1:0.0+git20150817.66f0418-1","1:0.0+git20160110.4fd4a9f-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"golang-go.net-dev","binary_version":"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"},{"binary_name":"golang-golang-x-net-dev","binary_version":"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"juju-core","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.7-0ubuntu0.16.04.1+esm1"}]}],"versions":["1.24.6-0ubuntu3","1.25.0-0ubuntu1","1.25.0-0ubuntu2","1.25.0-0ubuntu3","2.0~beta4-0ubuntu2","2.0~beta6-0ubuntu1.16.04.1","2.0~beta7-0ubuntu1.16.04.1","2.0~beta12-0ubuntu1.16.04.1","2.0~beta15-0ubuntu2.16.04.1","2.0.0-0ubuntu0.16.04.2","2.0.2-0ubuntu0.16.04.1","2.0.2-0ubuntu0.16.04.2","2.3.1-0ubuntu0.16.04.1","2.3.2-0ubuntu0.16.04.1","2.3.7-0ubuntu0.16.04.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"juju","binary_version":"2.3.7-0ubuntu0.16.04.1+esm1"},{"binary_name":"juju-2.0","binary_version":"2.3.7-0ubuntu0.16.04.1+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"golang-golang-x-net-dev","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"}]}],"versions":["1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1","1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2","1:0.0+git20170629.c81e7f2+dfsg-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"golang-go.net-dev","binary_version":"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"},{"binary_name":"golang-golang-x-net-dev","binary_version":"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"adsys","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/adsys@0.9.2~20.04.2ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.2~20.04.2ubuntu0.1"}]}],"versions":["0.8~22.04","0.9.2~20.04","0.9.2~20.04.1","0.9.2~20.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"adsys","binary_version":"0.9.2~20.04.2ubuntu0.1"},{"binary_name":"adsys-windows","binary_version":"0.9.2~20.04.2ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"golang-golang-x-net-dev","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1:0.0+git20190811.74dc4d7+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"golang-go.net-dev","binary_version":"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"},{"binary_name":"golang-golang-x-net-dev","binary_version":"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"adsys","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/adsys@0.14.3~22.04ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.14.3~22.04ubuntu0.1"}]}],"versions":["0.7.1","0.7.1build1","0.8","0.8ubuntu1","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5~22.04","0.9.2~22.04","0.9.2~22.04.1","0.9.2~22.04.2","0.14.1~22.04","0.14.2~22.04","0.14.2~22.04ubuntu0.1","0.14.3~22.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"adsys","binary_version":"0.14.3~22.04ubuntu0.1"},{"binary_name":"adsys-windows","binary_version":"0.14.3~22.04ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"golang-golang-x-net","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1:0.0+git20210119.5f4716e+dfsg-4","1:0.0+git20210805.aaa1db6+dfsg-1","1:0.0+git20211209.491a49a+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"golang-golang-x-net-dev","binary_version":"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"adsys","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/adsys@0.14.3~24.04ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.14.3~24.04ubuntu0.1"}]}],"versions":["0.13.1","0.13.2","0.13.3","0.14.1","0.14.1build1","0.14.1ubuntu0.24.04.1","0.14.2~24.04","0.14.2~24.04ubuntu0.1","0.14.3~24.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"adsys","binary_version":"0.14.3~24.04ubuntu0.1"},{"binary_name":"adsys-windows","binary_version":"0.14.3~24.04ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}},{"package":{"name":"golang-golang-x-net","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.21.0+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1:0.10.0-1","1:0.17.0+dfsg-1","1:0.20.0+dfsg-1","1:0.21.0+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"golang-golang-x-net-dev","binary_version":"1:0.21.0+dfsg-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-45338"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7197-1.json"}}],"schema_version":"1.7.5"}