go/parser: infinite loop in parsing (CVE-2023-24537)
eks-distro-pr-bot opened this issue
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
This is CVE-2023-24537 and Go issue https://go.dev/issue/59180.
/cc @golang/security and @golang/release
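A pre-parse check for the condition described in this issue, as an added example that is not code from the Go project or from this issue: it flags `//line` and `/*line ... */` directives whose line or column number is very large, so a service that parses untrusted source can reject the input before calling go/parser. The threshold `maxDirectiveLine`, the function name `SuspiciousLineDirectives` and the sample input are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// maxDirectiveLine is an assumed policy limit chosen for this example,
// not a constant taken from the Go source tree.
const maxDirectiveLine = 1 << 30

// directive matches "//line ..." at line start and "/*line ...*/" anywhere in
// the raw text; a match inside a string literal is a tolerable false positive.
var directive = regexp.MustCompile(`(?m)^//line ([^\n]*)$|/\*line (.*?)\*/`)

// SuspiciousLineDirectives returns the directive bodies whose line or column
// number exceeds maxDirectiveLine or does not fit in 64 bits.
func SuspiciousLineDirectives(src []byte) []string {
	var hits []string
	for _, m := range directive.FindAllSubmatch(src, -1) {
		text := strings.TrimSpace(string(m[1]) + string(m[2]))
		fields := strings.Split(text, ":")
		// Only the last two colon-separated fields can be line and column.
		for i := len(fields) - 1; i >= 1 && i >= len(fields)-2; i-- {
			n, err := strconv.ParseUint(fields[i], 10, 64)
			if err != nil && !errors.Is(err, strconv.ErrRange) {
				break // not a number: this field belongs to the file name
			}
			if err != nil || n > maxDirectiveLine {
				hits = append(hits, text)
				break
			}
		}
	}
	return hits
}

// sample is constructed input for the example.
const sample = "package p\n//line gen.go:42\nvar a int\n//line gen.go:4294967295\n" +
	"var b int\n/*line x.go:99999999999999999999:1*/ var c int\n"

func main() {
	for _, d := range SuspiciousLineDirectives([]byte(sample)) {
		fmt.Printf("reject before parsing: //line %s\n", d)
	}
}
```

The filter is a stopgap for callers that cannot yet move to a Go release containing the fix for https://go.dev/issue/59180; it does not replace upgrading.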