Vulnerability CVE-2024-24786: Information

Description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-24786
Published: March 6, 2024
Modified: May 1, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
buildahsisyphus1.35.2-alt11.35.4-alt1ALT-PU-2024-4734-1343761Fixed
buildahsisyphus_riscv641.35.2-alt11.35.4-alt1ALT-PU-2024-4799-1-Fixed
buildahsisyphus_loongarch641.35.2-alt11.35.4-alt1ALT-PU-2024-4784-1-Fixed
buildahp101.34.3-alt0.p101.34.3-alt0.p10ALT-PU-2024-4646-2343760Fixed
buildahc10f11.34.3-alt0.p101.34.3-alt0.p10ALT-PU-2024-7024-3345716Fixed
cri-o1.27sisyphus1.27.6-alt11.27.4-alt1ALT-PU-2024-8173-3348675In work
cri-o1.28sisyphus1.28.6-alt11.28.4-alt1ALT-PU-2024-8175-4348675In work
kubernetes1.26sisyphus1.26.15-alt11.26.14-alt1.1ALT-PU-2024-8264-2348675In work

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://go.dev/cl/569356
    https://pkg.go.dev/vuln/GO-2024-2611
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/
        http://www.openwall.com/lists/oss-security/2024/03/08/4
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.1
          Back to top