Skip to content

archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations [1.22 backport] #67554

New issue
New issue
Closed
Closed
archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations [1.22 backport]#67554
Labels
CherryPickApprovedUsed during the release process for point releasesFrozenDueToAgeSecurity
Milestone
 
Go1.22.4
@gopherbot

Description

@gopherbot
gopherbot
opened on May 21, 2024

@neild requested issue #66869 to be considered for backport to the next 1.22 minor release.

This parser misalignment is a PUBLIC track security issue. We have assigned this CVE-2024-24789.

@gopherbot please open backport issues. This is a security issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    CherryPickApprovedUsed during the release process for point releasesFrozenDueToAgeSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions