Vulnerability CVE-2024-24786: Information
Description
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
buildah | sisyphus | 1.35.2-alt1 | 1.35.4-alt1 | ALT-PU-2024-4734-1 | 343761 | Fixed |
buildah | sisyphus_riscv64 | 1.35.2-alt1 | 1.35.4-alt1 | ALT-PU-2024-4799-1 | - | Fixed |
buildah | sisyphus_loongarch64 | 1.35.2-alt1 | 1.35.4-alt1 | ALT-PU-2024-4784-1 | - | Fixed |
buildah | p10 | 1.34.3-alt0.p10 | 1.34.3-alt0.p10 | ALT-PU-2024-4646-2 | 343760 | Fixed |
buildah | c10f1 | 1.34.3-alt0.p10 | 1.34.3-alt0.p10 | ALT-PU-2024-7024-3 | 345716 | Fixed |
cri-o1.27 | sisyphus | 1.27.6-alt1 | 1.27.4-alt1 | ALT-PU-2024-8173-3 | 348675 | In work |
cri-o1.28 | sisyphus | 1.28.6-alt1 | 1.28.4-alt1 | ALT-PU-2024-8175-4 | 348675 | In work |
kubernetes1.26 | sisyphus | 1.26.15-alt1 | 1.26.14-alt1.1 | ALT-PU-2024-8264-2 | 348675 | In work |