Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Go Language Updates Fix Critical Flaws

May 9, 2024
Reading Time: 3 mins read
in Alerts
Go Language Updates Fix Critical Flaws

The Go programming language, renowned for its simplicity and efficiency, has recently been the focus of crucial security enhancements due to the discovery of significant vulnerabilities. These vulnerabilities, identified as CVE-2024-24787 and CVE-2024-24788, have the potential to allow attackers to execute arbitrary code or disrupt services through infinite loops. CVE-2024-24787 specifically targets the Darwin operating systems and is triggered during the build process when CGO is used improperly with certain linker flags. This flaw could let an attacker execute arbitrary code by loading a malicious Link Time Optimization (LTO) library, which is rated with a high severity score of 9.8.

The second vulnerability, CVE-2024-24788, affects the DNS lookup functions within Go, where a specially crafted DNS response could force these functions into an infinite loop, potentially leading to a Denial-of-Service (DoS) condition. This vulnerability is particularly concerning for web-facing applications and services that rely on Go for DNS queries, with a notable impact as reflected by its CVSS score of 7.5. Both vulnerabilities pose a significant threat to systems running affected versions of Go, underscoring the importance of timely updates to mitigate risks.

In response to these threats, the Go team has released new versions of the language—1.22.3 and 1.21.10—that patch these critical vulnerabilities. Developers and system administrators are urged to promptly update their Go installations to these newer versions to protect their systems from potential exploits. The updates address the specific issues raised, helping to prevent the exploitation of the identified vulnerabilities.

These incidents highlight the continuous challenges in securing software supply chains and infrastructure, especially as the adoption of Go expands across various applications. It reinforces the necessity for rigorous security practices and the importance of regular updates to keep up with emerging threats. Users of Go are advised to adhere to security best practices and ensure their systems are updated to avoid falling victim to these security flaws.

Reference:
  • Go Language Issues Critical Security Patches for Flaws

Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatGo languageLink Time OptimizationMay 2024
ADVERTISEMENT

Related Posts

Fake DocuSign Alerts Target Corporate Logins

Fake DocuSign Alerts Target Corporate Logins

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Microsoft Void Blizzard Cyber Threat Alert

May 28, 2025
GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial