DEBIAN-CVE-2024-24789

DEBIAN-CVE-2024-24789 PUBLISHED CVSS 5.5 MEDIUM

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:12	golang-1.19	0, 1.19.10-1, 1.19.10-2
Debian:11	golang-1.15	0, 1.15.15-1, 1.15.15-1~deb11u2

Timeline

Jun 5, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-24789 advisory

Open in Interactive Console →