Vulnerability Report: GO-2024-2609
standard library- CVE-2024-24784
- Affects: net/mail
- Published: Mar 05, 2024
- Modified: May 20, 2024
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
Affected Packages
-
PathGo VersionsSymbols
-
before go1.21.8, from go1.22.0-0 before go1.22.1
Aliases
References
- https://go.dev/issue/65083
- https://go.dev/cl/555596
- https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
- https://vuln.go.dev/ID/GO-2024-2609.json
Credits
- Juho Nurminen of Mattermost, Slonser (https://github.com/Slonser)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.