=1.22.0-0 <1.22.3

Q: How to fix?

Upgrade std/net to version 1.22.3 or higher.

Threat Intelligence

0.15% (36^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-GOLANG-STDNET-14548517
published6 Jan 2026
disclosed7 May 2024
creditMateusz Poliwczak

Report a new vulnerability Found a mistake?

Introduced: 7 May 2024

CVE-2024-24788 (opens in a new tab) CWE-835 (opens in a new tab)

How to fix?

Upgrade std/net to version 1.22.3 or higher.

Overview

std/net is a Go standard library package std/net

Affected versions of this package are vulnerable to Infinite loop.

Go Vulnerability Report:
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None