35 matches found
RHCOS 4 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. - kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin CVE-2024-3177 -...
K000141024: GO vulnerability CVE-2024-24786
Security Advisory Description The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is se...
Medium: nerdctl
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Important: docker
Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
Important: docker
Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
Important: docker
Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
Medium: cri-tools
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
OESA-2024-1381 cri-tools security update
CLI and validation tools for Container Runtime Interface Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A malicious HTTP/2 client which...
OESA-2024-1380 cri-tools security update
CLI and validation tools for Container Runtime Interface Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A malicious HTTP/2 client which...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
AZL-35592 CVE-2024-24786 affecting package packer for versions less than 1.9.5-4
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35651 CVE-2024-24786 affecting package gh for versions less than 2.62.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35582 CVE-2024-24786 affecting package moby-buildx for versions less than 0.7.1-24
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35638 CVE-2024-24786 affecting package containerized-data-importer for versions less than 1.57.0-6
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35643 CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35663 CVE-2024-24786 affecting package kubevirt for versions less than 1.2.0-10
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35635 CVE-2024-24786 affecting package cert-manager for versions less than 1.12.12-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35665 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...